The GitHub Actions job "Build and push docker images" on ofbiz-framework.git 
has failed.
Run started by GitHub user asfgit (triggered by asfgit).

Head commit for run:
eff3a6a7723507af116d3c4045d83f2e4064c7c9 / Jacques Le Roux 
<[email protected]>
Improved: Upgrade Apache Shiro from 1.13.0 to 2.0.0 (OFBIZ-12961)

Summary, TL;DR: the changes are minimal and things work like before. OFBiz now
uses Shiro 2.0.0 for AES ciphering instead of Shiro 1.13.0.
OFBiz still uses 3-DES and other (older) ciphering methods in case AES would
fail facing old data.
This also removes the now useless
"temporary workaround to compile Shiro 2.0.0 without LDAP"
component block in dependencies.gradle

Details:
This uses
'org.apache.shiro:shiro-crypto-cipher:2.0.0'
instead of previously wrongly committed
org.apache.shiro:shiro-crypto:2.0.0

It re-installs org.apache.shiro:shiro-core:1.13.0
I still have to completely review https://github.com/apache/shiro/issues/1022
According to it, it seems that for now we need to keep shiro-core:1.13.0

http://svn.apache.org/viewvc?view=revision&revision=1814704, and the more
complete dev ML discussion referred to in the commit message, explain why we keep
3-DES and other (older) ciphering methods. I see no problems with that.
But, we may want to completely get rid of the old 3-DES and old ways by
refactoring this part of code. And maybe offering a way to migrate the data to
AES. The Shiro issue referred to above may help in this way.

Thanks: Lenny from Apache Shiro project for the idea.

Report URL: https://github.com/apache/ofbiz-framework/actions/runs/8433295591

With regards,
GitHub Actions via GitBox
