July 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-1649) RBAC constraint config modifications will fail in a mixed domain if the modified constraint is not present in the legacy slave

by Brian Stansberry (JIRA)

Brian Stansberry created WFCORE-1649: ---------------------------------------- Summary: RBAC constraint config modifications will fail in a mixed domain if the modified constraint is not present in the legacy slave Key: WFCORE-1649 URL: https://issues.jboss.org/browse/WFCORE-1649 Project: WildFly Core Issue Type: Bug Components: Domain Management Reporter: Brian Stansberry Priority: Critical Fix For: 3.0.0.Beta1 The management model for RBAC constraints is maintained using synthetic resources, with resources only existing for those items (SensitivityClassification and ApplicationClassification) that are registered in the current process. Operations that touch classifications unknown to that process will fail due to missing resource problems. This is a big problem in the following scenarios: 1) Mixed domain, where legacy slaves do not know about newly introduced classifications. 2) Slimming scenarios where slaves are ignoring unrelated parts of the domain wide config and also don't have some extension installed, resulting in classifications registered by those extensions not being present. A partial workaround to 1) is for the kernel to register transformers for newly introduced classifications (e.g. SERVER_SSL added in EAP 6.4.7 and EAP 7). But: -- that doesn't help with problem 2) -- only the kernel can register kernel transformers, so if extensions add new classifications there is no way for them to register the transformer. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (LOGMGR-142) Default app-name value of Syslog handler in Audit Logging violates specification

by James Perkins (JIRA)

[ https://issues.jboss.org/browse/LOGMGR-142?page=com.atlassian.jira.plugin... ] James Perkins moved WFCORE-1648 to LOGMGR-142: ---------------------------------------------- Project: JBoss Log Manager (was: WildFly Core) Key: LOGMGR-142 (was: WFCORE-1648) Component/s: (was: Domain Management) Affects Version/s: (was: 3.0.0.Alpha3) > Default app-name value of Syslog handler in Audit Logging violates specification > -------------------------------------------------------------------------------- > > Key: LOGMGR-142 > URL: https://issues.jboss.org/browse/LOGMGR-142 > Project: JBoss Log Manager > Issue Type: Bug > Reporter: Jan Tymel > Assignee: Ken Wills > > According to syslog specification[1] {{app-name}} cannot contain space character (" "). However, the default value in WildFly Core 3.0.0.Alpha3 is {{WildFly Core}}. This results in the syslog server is not able to capture Process ID from which the message was sent. > E.g. following piece of information is captured {{WildFly[Core] (...)}} instead of {{WildFlyCore[795]}} > Suggestions for improvement: > Change default value {{WildFly Core}} to one without space character. > Also please consider addition of check whether {{app-name}} contains space character. > [1] https://tools.ietf.org/html/rfc5424#page-8 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (LOGMGR-142) Default app-name value of Syslog handler in Audit Logging violates specification

by James Perkins (JIRA)

[ https://issues.jboss.org/browse/LOGMGR-142?page=com.atlassian.jira.plugin... ] James Perkins reassigned LOGMGR-142: ------------------------------------ Assignee: James Perkins (was: Ken Wills) > Default app-name value of Syslog handler in Audit Logging violates specification > -------------------------------------------------------------------------------- > > Key: LOGMGR-142 > URL: https://issues.jboss.org/browse/LOGMGR-142 > Project: JBoss Log Manager > Issue Type: Bug > Reporter: Jan Tymel > Assignee: James Perkins > > According to syslog specification[1] {{app-name}} cannot contain space character (" "). However, the default value in WildFly Core 3.0.0.Alpha3 is {{WildFly Core}}. This results in the syslog server is not able to capture Process ID from which the message was sent. > E.g. following piece of information is captured {{WildFly[Core] (...)}} instead of {{WildFlyCore[795]}} > Suggestions for improvement: > Change default value {{WildFly Core}} to one without space character. > Also please consider addition of check whether {{app-name}} contains space character. > [1] https://tools.ietf.org/html/rfc5424#page-8 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1648) Default app-name value of Syslog handler in Audit Logging violates specification

by James Perkins (JIRA)

James Perkins created WFCORE-1648: ------------------------------------- Summary: Default app-name value of Syslog handler in Audit Logging violates specification Key: WFCORE-1648 URL: https://issues.jboss.org/browse/WFCORE-1648 Project: WildFly Core Issue Type: Bug Components: Domain Management Affects Versions: 3.0.0.Alpha3 Reporter: Jan Tymel Assignee: Ken Wills According to syslog specification[1] {{app-name}} cannot contain space character (" "). However, the default value in WildFly Core 3.0.0.Alpha3 is {{WildFly Core}}. This results in the syslog server is not able to capture Process ID from which the message was sent. E.g. following piece of information is captured {{WildFly[Core] (...)}} instead of {{WildFlyCore[795]}} Suggestions for improvement: Change default value {{WildFly Core}} to one without space character. Also please consider addition of check whether {{app-name}} contains space character. [1] https://tools.ietf.org/html/rfc5424#page-8 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1647) Default app-name value of Syslog handler in Audit Logging violates specification

by James Perkins (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1647?page=com.atlassian.jira.plugi... ] James Perkins commented on WFCORE-1647: --------------------------------------- I think you're correct [~luck3y]. So ignore me this looks good. > Default app-name value of Syslog handler in Audit Logging violates specification > -------------------------------------------------------------------------------- > > Key: WFCORE-1647 > URL: https://issues.jboss.org/browse/WFCORE-1647 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management > Affects Versions: 3.0.0.Alpha3 > Reporter: Jan Tymel > Assignee: Ken Wills > > According to syslog specification[1] {{app-name}} cannot contain space character (" "). However, the default value in WildFly Core 3.0.0.Alpha3 is {{WildFly Core}}. This results in the syslog server is not able to capture Process ID from which the message was sent. > E.g. following piece of information is captured {{WildFly[Core] (...)}} instead of {{WildFlyCore[795]}} > Suggestions for improvement: > Change default value {{WildFly Core}} to one without space character. > Also please consider addition of check whether {{app-name}} contains space character. > [1] https://tools.ietf.org/html/rfc5424#page-8 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6713) Upgrade Jackson to 2.7.4 due to CVE-2016-3720

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/WFLY-6713?page=com.atlassian.jira.plugin.... ] Alessio Soldano updated WFLY-6713: ---------------------------------- Fix Version/s: 10.1.0.Final > Upgrade Jackson to 2.7.4 due to CVE-2016-3720 > --------------------------------------------- > > Key: WFLY-6713 > URL: https://issues.jboss.org/browse/WFLY-6713 > Project: WildFly > Issue Type: Component Upgrade > Components: REST > Reporter: Juergen Zimmermann > Assignee: Alessio Soldano > Fix For: 10.1.0.Final > > > Jackson 2.7.3 is currently used, but reported at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3720 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1647) Default app-name value of Syslog handler in Audit Logging violates specification

by Ken Wills (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1647?page=com.atlassian.jira.plugi... ] Ken Wills commented on WFCORE-1647: ----------------------------------- So in this case, the header is assembled with: HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID So inclusion of spaces (or un-escaped spaces, but those would be annoying to grep on IMO), will put the next token into procid. > Default app-name value of Syslog handler in Audit Logging violates specification > -------------------------------------------------------------------------------- > > Key: WFCORE-1647 > URL: https://issues.jboss.org/browse/WFCORE-1647 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management > Affects Versions: 3.0.0.Alpha3 > Reporter: Jan Tymel > Assignee: Ken Wills > > According to syslog specification[1] {{app-name}} cannot contain space character (" "). However, the default value in WildFly Core 3.0.0.Alpha3 is {{WildFly Core}}. This results in the syslog server is not able to capture Process ID from which the message was sent. > E.g. following piece of information is captured {{WildFly[Core] (...)}} instead of {{WildFlyCore[795]}} > Suggestions for improvement: > Change default value {{WildFly Core}} to one without space character. > Also please consider addition of check whether {{app-name}} contains space character. > [1] https://tools.ietf.org/html/rfc5424#page-8 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6831) Upgrade to RESTEasy 3.0.18.Final

by Alessio Soldano (JIRA)

Alessio Soldano created WFLY-6831: ------------------------------------- Summary: Upgrade to RESTEasy 3.0.18.Final Key: WFLY-6831 URL: https://issues.jboss.org/browse/WFLY-6831 Project: WildFly Issue Type: Component Upgrade Components: REST Reporter: Alessio Soldano Assignee: Alessio Soldano Fix For: 10.1.0.Final -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6713) Upgrade Jackson to 2.7.4 due to CVE-2016-3720

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/WFLY-6713?page=com.atlassian.jira.plugin.... ] Alessio Soldano commented on WFLY-6713: --------------------------------------- We're not directly affected by the vulnerability, however we're going to upgrade to 2.7.4 which contains the cve fix. > Upgrade Jackson to 2.7.4 due to CVE-2016-3720 > --------------------------------------------- > > Key: WFLY-6713 > URL: https://issues.jboss.org/browse/WFLY-6713 > Project: WildFly > Issue Type: Component Upgrade > Components: REST > Reporter: Juergen Zimmermann > Assignee: Alessio Soldano > > Jackson 2.7.3 is currently used, but reported at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3720 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6713) Upgrade Jackson to 2.7.4 due to CVE-2016-3720

by Alessio Soldano (JIRA)

[ https://issues.jboss.org/browse/WFLY-6713?page=com.atlassian.jira.plugin.... ] Alessio Soldano updated WFLY-6713: ---------------------------------- Description: Jackson 2.7.3 is currently used, but reported at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3720 (was: Jackson 2.7.4 is currently used, but reported at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3720) > Upgrade Jackson to 2.7.4 due to CVE-2016-3720 > --------------------------------------------- > > Key: WFLY-6713 > URL: https://issues.jboss.org/browse/WFLY-6713 > Project: WildFly > Issue Type: Component Upgrade > Components: REST > Reporter: Juergen Zimmermann > Assignee: Alessio Soldano > > Jackson 2.7.3 is currently used, but reported at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3720 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2016