
List:       openejb-development
Subject:    Re: [VOTE] Release javaee-api 8.0-4
From:       "Jenkins, Rodney J (Rod)" <JENKIR14 () nationwide ! com>
Date:       2020-02-26 17:57:42
Message-ID: 987D274B-5B83-491B-BA51-B6248DD2974A () nationwide ! com

> > > 
With mod_proxy_ajp you should be able to add
secret=jonssupersecretpassphrase to ProxyPass etc, but this only made it to
the 2.4.x branch of httpd two days ago:
https://github.com/apache/httpd/commit/d8b6d798c177dfdb90cef1a29395afcc043f3c86.
<<<

Find this interesting as I did not update apache recently.  I am wondering if that
change has already made its way into the CentOS rpm.  That was the syntax I used to
solve.

I think I need to do some more research.....

Rod.


On 2/26/20, 11:05 AM, "Jonathan Gallimore" <jonathan.gallimore@gmail.com> wrote:

    Nationwide Information Security Warning: This is an external email. Do not click
    on links or open attachments unless you trust the sender.
    ------------------------------------------------------------------------------
    
    > I am not sure that I am a voting member
    
    Everyone is encouraged to vote. Release votes require 3 binding +1 votes.
    "Binding" means from a PMC member. You should not let that discourage you
    from voting, however. Your feedback is as important as anyone else's, and
    if you find a functional or legal issue, then a -1 vote with an explanation
    is appreciated.
    
    > but moving to Tomcat .31 and .51 may be bumpy if using the AJP protocol.
    
    This vote is only for the Java EE API jar itself, and won't impact the AJP
    side of things. When it comes to the actual TomEE release itself - you are
    correct - we will need to call out the config changes needed for AJP. There
    isn't a way around it - the AJP changes address a recent CVE. It'll likely
    be me putting out the TomEE releases after this API jar release, and I'll
    provide the details with the settings. I've already run into the AJP
    changes here.
    
    > One requires quotes, the other does not.  As far as I know there is not
    any good examples/sample I could find in google.
    
    Right. The server.xml config in Tomcat requires quotes, as it's an XML
    attribute. Mod_jk's config is like this:
    
    worker.<workername>.secret=<secret>
    
    for example:
    
    worker.list=worker1
    worker.worker1.type=ajp13
    worker.worker1.host=localhost
    worker.worker1.port=8009
    worker.worker1.secret=jonssupersecretpassphrase
    
    With mod_proxy_ajp you should be able to add
    secret=jonssupersecretpassphrase to ProxyPass etc, but this only made it to
    the 2.4.x branch of httpd two days ago:
    https://github.com/apache/httpd/commit/d8b6d798c177dfdb90cef1a29395afcc043f3c86.
    (here's
    the commit for master / 2.5:
    https://github.com/apache/httpd/commit/b6f596343827f7184b884de2fc3921368744e2e0).
    Looks like there might be a new 2.4.x httpd release soon.
    
    Jon
    
    On Wed, Feb 26, 2020 at 4:37 PM Jenkins, Rodney J (Rod) <
    JENKIR14@nationwide.com> wrote:
    
    > I am not sure that I am a voting member and probably does not apply to
    > this release, but moving to Tomcat .31 and .51 may be bumpy if using the
    > AJP protocol.
    >
    > Tomcat changed the default secretRequired to be true.  However, what they
    > do not tell you is you need to add a secret to the server xml AND the httpd
    > config.
    >
    > One note I learned the hard way on syntax:
    >         Tomcat server.xml looks like:   secret="some_string"
    >         http config looks like:  secret=some_string.
    >
    > One requires quotes, the other does not.  As far as I know there is not
    > any good examples/sample I could find in google.
    >
    > Thanks,
    > Rod.
    >
    >
    > On 2/25/20, 2:10 PM, "Jonathan Gallimore" <jonathan.gallimore@gmail.com>
    > wrote:
    >
    >     Hi
    >
    >     This is a vote for an updated Java EE spec jar, with one single change over
    >     javaee-api:8.0-3, which is to use the Tomcat API libraries from 9.0.31 as
    >     opposed to 9.0.22.
    >
    >     This is required to fix an issue in the TomEE builds
    >     where javax.el.ExpressionFactory#getClassNameServices was returning the
    >     first line of the ASF license header as opposed to a class name, and this
    >     being released is a pre-requisite for any further TomEE releases.
    >
    >     *SVN TAG*
    >
    > https://svn.apache.org/repos/asf/tomee/javaee-api/tags/javaee-api-8.0-4/
    >
    >     *Sources*
    >
    > https://repository.apache.org/service/local/repositories/orgapachetomee-1162/content/org/apache/tomee/javaee-api/8.0-4/javaee-api-8.0-4-source-release.zip
    >
    >     *Binaries*
    >
    > https://repository.apache.org/service/local/repositories/orgapachetomee-1162/content/org/apache/tomee/javaee-api/8.0-4/javaee-api-8.0-4.zip
    >
    >     please VOTE
    >     [+1] all fine, ship it
    >     [+0] don't care
    >     [-1] stop, because ${reason}
    >
    >     The VOTE is open for 72h. Here's my +1.
    >
    >     Many thanks
    >
    >     Jon
    >
    >
    >
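
Added example, not part of the original thread: a small Python check that the AJP secret in Tomcat's server.xml matches the one in a mod_jk workers.properties, and that the mod_jk value is unquoted as the thread describes. The server.xml sample is constructed; the function names are hypothetical, and the 8009 fallback for a worker with no port line is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; the workers.properties lines mirror the ones quoted in the thread.
SERVER_XML = '''<Server><Service name="Catalina">
  <Connector protocol="AJP/1.3" port="8009" secretRequired="true"
             secret="jonssupersecretpassphrase"/>
</Service></Server>'''

WORKERS_PROPERTIES = '''worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.secret=jonssupersecretpassphrase
'''

def tomcat_ajp_secrets(server_xml):
    """Map AJP connector port -> secret (None when the attribute is absent)."""
    root = ET.fromstring(server_xml)
    return {c.get("port"): c.get("secret")
            for c in root.iter("Connector")
            if "ajp" in c.get("protocol", "").lower()}

def modjk_workers(props):
    """Parse worker.<name>.<key>=<value> lines into {name: {key: value}}."""
    workers = {}
    for line in props.splitlines():
        m = re.match(r"\s*worker\.([^.=\s]+)\.([^=\s]+)\s*=\s*(.*?)\s*$", line)
        if m:
            workers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return workers

def check(server_xml, props):
    """Return a list of problems for ajp13 workers versus Tomcat AJP connectors."""
    secrets, problems = tomcat_ajp_secrets(server_xml), []
    for name, w in modjk_workers(props).items():
        if w.get("type") != "ajp13":
            continue
        port, secret = w.get("port", "8009"), w.get("secret")
        if port not in secrets:
            problems.append(f"{name}: no AJP connector on port {port}")
        elif not secret:
            problems.append(f"{name}: no secret set")
        elif secret[0] in "\"'":
            problems.append(f"{name}: secret is quoted; the mod_jk form is unquoted")
        elif secret != secrets[port]:
            problems.append(f"{name}: secret differs from server.xml")
    return problems
```

An empty list from `check()` means every ajp13 worker has a connector on its port with the same secret.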
    

