I’m doing on all branches. Regards JB
> Le 13 avr. 2021 à 08:30, Grzegorz Grzybek <[email protected]> a écrit : > > Hello > > Yes - an upgrade to Jetty 9.4.39 is fine. Just no need to do it in `main` > branch, because I've already updated it locally in very not-ready-yet code. > > regards > Grzegorz > > wt., 13 kwi 2021 o 08:25 'Fabien S' via OPS4J <[email protected] > <mailto:[email protected]>> napisał(a): > Hi, thank you a lot for your help and explanations! > Regarding the vulnerability, maybe it's possible to include in the code of > the application this work-around: > https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w > > <https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w> > but I'm not sure it would handle all the cases, so relying on an official fix > from Jetty would be safer. > > Cheers, > Fabien > > On Monday, 12 April 2021 at 20:50:48 UTC+2 [email protected] > <mailto:[email protected]> wrote: > Hello > > Just an information about Pax Web and main branch. I've recently renamed > "master-improvements" branch to "main" - I had two goals with this action: > - show that my long-developed "master-improvements" branch, where I've > literally refactored big part of Pax Web (to adjust to new Whiteboard > requirements) is ready to be worked on by others > - adjust to new standards, where "main" is the new "master" > > Unfortunately this new "main" branch is still far from being released (I had > few months break again and I have to "feel" it again) and usual practice, > where some change is always made in newest branch and then backported to > maintenance branches. "main" branch is MUCH different than pax-web-7.2.x – > pax-web-7.4.x branches. > > Also, remember that 3 active maintenance branches of Pax Web are: > - pax-web-7.2.x - the branch used by Karaf 4.2.x, with Jetty 9, Tomcat 8 and > Undertow 1.x - the branch using Servlet API 3.1 > - pax-web-7.3.x - the "tech preview branch 1" with Jetty 9, Tomcat 9 and > Undertow 2.0.x - the branch using Servlet API 4 > - pax-web-7.4.x - the "tech preview branch 2" with Jetty 9, Tomcat 9 and > Undertow 2.2.x - the branch using Servlet API 4 and Undertow 2.2.x which "got > back" OSGi metadata since 2.2.5.Final > (https://issues.redhat.com/browse/UNDERTOW-1852 > <https://issues.redhat.com/browse/UNDERTOW-1852>) > > Karaf 4.3.x chose pax-web-7.3.x despite it's still not proper OSGi CMPN 7 > implementation (the goal is to have Pax Web 8 compliant to OSGi CMPN 7 > specification, but it reaaaaaaaaaally required lots of fundamental changes, I > was describing for at least a year). > > I hope this clarifies the state of Pax Web. > > kind regards > Grzegorz Grzybek > > pon., 12 kwi 2021 o 20:26 Jean-Baptiste Onofré <[email protected] <>> > napisał(a): > Hi, > > It’s already plan and I have Pax Web releases on the way, including this and > other fixes. > > So, don’t worry, we will have the Pax Web releases tomorrow. > > Regards > JB > >> Le 12 avr. 2021 à 18:25, 'Fabien S' via OPS4J <[email protected] <>> a >> écrit : >> >> I created this issue about the upgrade to Jetty 9.4.39.v20210325 because >> some lower version are impacted by CVE-2021-28165. >> >> https://github.com/ops4j/org.ops4j.pax.web/issues/1594 >> <https://github.com/ops4j/org.ops4j.pax.web/issues/1594> >> >> I wanted to try to do the change by myself, and I hoped that creating a pull >> request would allow me to run the regression tests but in fact I don't know >> how to trigger these tests. I'm not even sure that I created a commit for >> the right target branch. Could anybody assist me please? >> >> Cheers, >> Fabien >> >> -- >> -- >> ------------------ >> OPS4J - http://www.ops4j.org <http://www.ops4j.org/> - >> [email protected] <> >> >> --- >> You received this message because you are subscribed to the Google Groups >> "OPS4J" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ops4j/c195a8ad-7e90-47ff-b4ff-aa0435e58528n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ops4j/c195a8ad-7e90-47ff-b4ff-aa0435e58528n%40googlegroups.com?utm_medium=email&utm_source=footer>. > > > -- > -- > ------------------ > OPS4J - http://www.ops4j.org <http://www.ops4j.org/> - [email protected] > <> > > --- > You received this message because you are subscribed to the Google Groups > "OPS4J" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ops4j/98638032-D996-4E58-BC9E-42B18FD34872%40gmail.com > > <https://groups.google.com/d/msgid/ops4j/98638032-D996-4E58-BC9E-42B18FD34872%40gmail.com?utm_medium=email&utm_source=footer>. > > -- > -- > ------------------ > OPS4J - http://www.ops4j.org <http://www.ops4j.org/> - [email protected] > <mailto:[email protected]> > > --- > You received this message because you are subscribed to the Google Groups > "OPS4J" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ops4j/744966d3-b9a5-42b6-adf1-4aeb394b8ec4n%40googlegroups.com > > <https://groups.google.com/d/msgid/ops4j/744966d3-b9a5-42b6-adf1-4aeb394b8ec4n%40googlegroups.com?utm_medium=email&utm_source=footer>. > > -- > -- > ------------------ > OPS4J - http://www.ops4j.org <http://www.ops4j.org/> - [email protected] > > --- > You received this message because you are subscribed to the Google Groups > "OPS4J" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ops4j/CAAdXmhoyHLbwWbek3iu6R%2B0wYAqpkaUR0nYSeF%2B%2BT2WFqtjYXg%40mail.gmail.com > > <https://groups.google.com/d/msgid/ops4j/CAAdXmhoyHLbwWbek3iu6R%2B0wYAqpkaUR0nYSeF%2B%2BT2WFqtjYXg%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- -- ------------------ OPS4J - http://www.ops4j.org - [email protected] --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ops4j/B9A23575-F037-42E3-9C38-5CB0EDA9F0CB%40gmail.com.
