'Re: [VOTE] Release activemq-nms-openwire 2.1.0-rc1'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       activemq-dev
Subject:    Re: [VOTE] Release activemq-nms-openwire 2.1.0-rc1
From:       jgenender () apache ! org
Date:       2023-02-27 15:13:59
Message-ID: 3626D8BE-55CE-4827-8F0F-7824345AE24C () apache ! org
[Download RAW message or body]

Yeah it actually should be on both.  private@ is where the vote actually counts.  dev@ is for keeping it public.

Jeff

> On Feb 27, 2023, at 8:10 AM, Bruce Snyder <bruce.snyder@gmail.com> wrote:
> 
> Whoops, now I see it's on both. My mistake.
> 
> Bruce
> 
> On Mon, Feb 27, 2023 at 8:09 AM Bruce Snyder <bruce.snyder@gmail.com> wrote:
> 
>> This vote should be moved to the dev@ list.
>> 
>> Bruce
>> 
>> On Sun, Feb 26, 2023 at 4:09 AM Havret <havret@apache.org> wrote:
>> 
>>> Hi all,
>>> 
>>> I have put together another release of activemq-nms-openwire. Please
>>> review
>>> it and vote accordingly.
>>> 
>>> This release includes an important new feature that allows users to
>>> specify
>>> an allow/deny list of types for binary serialization. This can help
>>> prevent
>>> potential security vulnerabilities.
>>> 
>>> The feature is implemented in the same way as in qpid-jms, using a
>>> deserialization policy that controls which types can be trusted for
>>> deserialization from an incoming NMS IObjectMessage containing serialized
>>> .NET Object content. By default, all types are trusted during
>>> deserialization. However, the default Deserialization Policy object
>>> provides URI options for specifying an allow list and a deny list of .NET
>>> classes or namespaces.
>>> 
>>> The following options are available:
>>> 
>>> - nms.deserializationPolicy.allowList: A comma-separated list of
>>> classes/namespaces that are allowed during deserialization, unless they
>>> are
>>> overridden by the deny list. Names in this list are not pattern values;
>>> the
>>> exact class or namespace name must be configured (e.g.
>>> "System.Collections.Queue" or "System.Collections"). Namespace matches
>>> include sub-namespaces. The default is to allow all.
>>> - nms.deserializationPolicy.denyList: A comma-separated list of
>>> classes/namespaces that are rejected during deserialization. Names in this
>>> list are not pattern values; the exact class or namespace name must be
>>> configured (e.g. "System.Collections.Queue" or "System.Collections").
>>> Namespace matches include sub-namespaces. The default is to reject none.
>>> 
>>> This release contains the following change:
>>> *
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311201&version=12352935
>>> <
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311201&version=12352935
>>>> *
>>> 
>>> The files can be grabbed from:
>>> 
>>> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-openwire/2.1.0-rc1/
>>> 
>>> Regards,
>>> Chris
>>> 
>>> Here's mine +1 (binding)
>>> 
>> 
>> 
>> --
>> perl -e 'print
>> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*" );'
>> http://bsnyder.org/ <http://bruceblog.org/>
>> 
> 
> 
> -- 
> perl -e 'print
> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*" );'
> http://bsnyder.org/ <http://bruceblog.org/>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic