[JBoss JIRA] (JBDS-4237) Generate CVE vulnerability report for devstudio
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBDS-4237?page=com.atlassian.jira.plugin.... ]
Nick Boldt commented on JBDS-4237:
----------------------------------
Have split the reporting into 6 files (devstudio, central, earlyaccess, and 3x target platforms) and have generated reports & analysis.
Build is set to yellow (UNSTABLE) because there are 2,112 warnings (539 of them HIGH priority).
Here's the latest report [1].
And here's a trend chart, which can track how we get better/worse at this, on the bottom of the job's main page [2]:
!Screenshot_2017-01-10_18-58-03.png|thumbnail!
[1] https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job...
[2] https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job...
[~jeffmaury] What would you like to do about these CVE vulnerabilities? Should we pick some of the HIGH priority ones and try to get them fixed in jbosstools or at eclipse / in Orbit?
> Generate CVE vulnerability report for devstudio
> -----------------------------------------------
>
> Key: JBDS-4237
> URL: https://issues.jboss.org/browse/JBDS-4237
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Bug
> Components: build, versionwatch
> Affects Versions: 10.3.0.AM1
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Fix For: 10.3.0.AM1
>
> Attachments: Screenshot_2017-01-10_18-58-03.png
>
>
> 0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
> 1. download latest CI build update site zip, target platform zip, central zip, etc.
> 2. unpack update site zips
> 3. unpack dep-check zip
> 4. generate CVE report for each fetched zip:
> {code}
> ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/
> {code}
> Could also use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins).
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
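One way to approach the HIGH-priority question raised in the comment above, as an added example that is not part of the original thread or the devstudio build scripts: merge the per-zip reports and rank jars by distinct HIGH CVEs. It assumes the scans were written as XML and that each `dependency` element has a `fileName` child and `vulnerabilities/vulnerability` entries with `name` and `severity` children; the sample report, jar names and CVE ids are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample; jar names and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = """<analysis xmlns="urn:example:dependency-check">
 <dependencies>
  <dependency>
   <fileName>example-lib-a_1.0.0.jar</fileName>
   <vulnerabilities>
    <vulnerability><name>CVE-0000-0001</name><severity>High</severity></vulnerability>
    <vulnerability><name>CVE-0000-0002</name><severity>Medium</severity></vulnerability>
   </vulnerabilities>
  </dependency>
  <dependency>
   <fileName>example-lib-b_2.3.0.jar</fileName>
   <vulnerabilities>
    <vulnerability><name>CVE-0000-0001</name><severity>High</severity></vulnerability>
    <vulnerability><name>CVE-0000-0003</name><severity>High</severity></vulnerability>
   </vulnerabilities>
  </dependency>
  <dependency><fileName>example-lib-c_0.9.0.jar</fileName></dependency>
 </dependencies>
</analysis>"""

def local(tag):
    """Strip the XML namespace so the code does not depend on the schema version."""
    return tag.rsplit("}", 1)[-1]

def findings(xml_text):
    """Yield (jar, cve, severity) for every vulnerability in one report."""
    for dep in ET.fromstring(xml_text).iter():
        if local(dep.tag) != "dependency":
            continue
        fields = {local(e.tag): e for e in dep}
        jar = (fields["fileName"].text or "").strip()
        for vuln in fields.get("vulnerabilities", ()):
            v = {local(e.tag): (e.text or "").strip() for e in vuln}
            yield jar, v.get("name", "?"), v.get("severity", "unknown").upper()

def triage(reports, level="HIGH"):
    """Merge per-zip reports; rank jars by distinct CVEs at the given severity."""
    seen = {f for xml_text in reports for f in findings(xml_text) if f[2] == level}
    # Sorting first makes the order of equally ranked jars deterministic.
    return Counter(jar for jar, _, _ in sorted(seen)).most_common()

if __name__ == "__main__":
    # The same report twice stands in for one jar shipped in two scanned zips.
    for jar, n in triage([SAMPLE_REPORT, SAMPLE_REPORT]):
        print(f"{n:3d} HIGH  {jar}")
```

Because findings are de-duplicated on (jar, CVE, severity), a jar that appears in more than one scanned zip is counted once.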
[JBoss JIRA] (JBDS-4237) Generate CVE vulnerability report for devstudio
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBDS-4237?page=com.atlassian.jira.plugin.... ]
Nick Boldt edited comment on JBDS-4237 at 1/10/17 7:07 PM:
-----------------------------------------------------------
Have split the reporting into 6 files (devstudio, central, earlyaccess, and 3x target platforms) and have generated reports & analysis.
Build is set to yellow (UNSTABLE) because there are 2,112 warnings (539 of them HIGH priority).
Here's the latest report [1].
!Screenshot_2017-01-10_19-04-45.png|thumbnail!
And here's a trend chart, which can track how we get better/worse at this, on the bottom of the job's main page [2]:
!Screenshot_2017-01-10_18-58-03.png|thumbnail!
[1] https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job...
[2] https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job...
[~jeffmaury] What would you like to do about these CVE vulnerabilities? Should we pick some of the HIGH priority ones and try to get them fixed in jbosstools or at eclipse / in Orbit?
was (Author: nickboldt):
Have split the reporting into 6 files (devstudio, central, earlyaccess, and 3x target platforms) and have generated reports & analysis.
Build is set to yellow (UNSTABLE) because there are 2,112 warnings (539 of them HIGH priority).
Here's the latest report [1].
And here's a trend chart, which can track how we get better/worse at this, on the bottom of the job's main page [2]:
!Screenshot_2017-01-10_18-58-03.png|thumbnail!
[1] https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job...
[2] https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/All/job...
[~jeffmaury] What would you like to do about these CVE vulnerabilities? Should we pick some of the HIGH priority ones and try to get them fixed in jbosstools or at eclipse / in Orbit?
> Generate CVE vulnerability report for devstudio
> -----------------------------------------------
>
> Key: JBDS-4237
> URL: https://issues.jboss.org/browse/JBDS-4237
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Bug
> Components: build, versionwatch
> Affects Versions: 10.3.0.AM1
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Fix For: 10.3.0.AM1
>
> Attachments: Screenshot_2017-01-10_18-58-03.png, Screenshot_2017-01-10_19-04-45.png
>
>
> 0. download http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.4-release.zip
> 1. download latest CI build update site zip, target platform zip, central zip, etc.
> 2. unpack update site zips
> 3. unpack dep-check zip
> 4. generate CVE report for each fetched zip:
> {code}
> ./dependency-check.sh --disableAssembly -s /path/to/update-site/plugins/ --project devstudio_check -o WORKSPACE/path/to/report/folder/
> {code}
> Could also use https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin for better reporting and maybe even enable this on every project job (once moved to CCI Jenkins).
[JBoss JIRA] (JBDS-4233) Migrate jbosstools, devstudio, and release process jobs to Central CI
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBDS-4233?page=com.atlassian.jira.plugin.... ]
Nick Boldt edited comment on JBDS-4233 at 1/10/17 6:42 PM:
-----------------------------------------------------------
More plugins have been installed today into CCI to support features we have in existing jobs in Boston MW Jenkins:
* build-publisher
* emma
* findbugs
* junit-realtime-test-reporter
* plot
* xvfb
* jira [1]
Also added these extra JIRA-related plugins to see if they're useful:
* jira-trigger [1]
* jenkins-jira-issue-updater [1]
* jira-ext [1]
And I submitted updates for these already-installed plugins, which won't take effect until the next reboot:
* Delivery Pipeline Plugin - delivery-pipeline-plugin [1]
* GitHub Pull Request Builder - ghprb [1]
* Mask Passwords Plugin - mask-passwords [1]
* Matrix configuration sorter plugin [1]
[1] These plugins had to be installed by first downloading the .hpi file, then uploading into CCI Jenkins.
So now here's the complete list of plugins installed into CCI Jenkins v1.609.3-1:
[^CCI-installed-plugins-Jenkins-1.609.3-1_list.txt]
was (Author: nickboldt):
More plugins have been installed today into CCI to support features we have in existing jobs in Boston MW Jenkins:
* build-publisher
* emma
* findbugs
* junit-realtime-test-reporter
* plot
* xvfb
* jira [1]
Also added these extra JIRA-related plugins to see if they're useful:
* jira-trigger [1]
* jenkins-jira-issue-updater [1]
* jira-ext [1]
And I submitted updates for these already-installed plugins, which won't take effect until the next reboot:
* Delivery Pipeline Plugin - delivery-pipeline-plugin [1]
* GitHub Pull Request Builder - ghprb [1]
* Mask Passwords Plugin - mask-passwords [1]
* Matrix configuration sorter plugin [1]
[1] These plugins had to be installed by first downloading the .hpi file, then uploading into CCI Jenkins.
> Migrate jbosstools, devstudio, and release process jobs to Central CI
> ---------------------------------------------------------------------
>
> Key: JBDS-4233
> URL: https://issues.jboss.org/browse/JBDS-4233
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Bug
> Components: build
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Fix For: 10.3.0.AM2, 11.0.0.AM1
>
> Attachments: CCI-installed-plugins-Jenkins-1.609.3-1_list.txt
>
>
> As Bos MW Jenkins is deprecated, it's time to migrate all the jbt 4.4.x and devstudio 10.x jobs to the new server infrastructure. Old jobs from jbt 4.3 / devstudio 9.x will not be migrated.
> Installed plugins are not the same on Bos MW and CCI. We'll need to get more plugins installed on CCI to support devstudio jobs.
> https://docs.google.com/spreadsheets/d/1WJV3bOdlY1unOH5i23v33V7dZKIqTbo1A...
[JBoss JIRA] (JBDS-4233) Migrate jbosstools, devstudio, and release process jobs to Central CI
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBDS-4233?page=com.atlassian.jira.plugin.... ]
Nick Boldt commented on JBDS-4233:
----------------------------------
More plugins have been installed today into CCI to support features we have in existing jobs in Boston MW Jenkins:
* build-publisher
* emma
* findbugs
* junit-realtime-test-reporter
* plot
* xvfb
* jira [1]
Also added these extra JIRA-related plugins to see if they're useful:
* jira-trigger [1]
* jenkins-jira-issue-updater [1]
* jira-ext [1]
And I submitted updates for these already-installed plugins, which won't take effect until the next reboot:
* Delivery Pipeline Plugin - delivery-pipeline-plugin [1]
* GitHub Pull Request Builder - ghprb [1]
* Mask Passwords Plugin - mask-passwords [1]
* Matrix configuration sorter plugin [1]
[1] These plugins had to be installed by first downloading the .hpi file, then uploading into CCI Jenkins.
> Migrate jbosstools, devstudio, and release process jobs to Central CI
> ---------------------------------------------------------------------
>
> Key: JBDS-4233
> URL: https://issues.jboss.org/browse/JBDS-4233
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Bug
> Components: build
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Fix For: 10.3.0.AM2, 11.0.0.AM1
>
>
> As Bos MW Jenkins is deprecated, it's time to migrate all the jbt 4.4.x and devstudio 10.x jobs to the new server infrastructure. Old jobs from jbt 4.3 / devstudio 9.x will not be migrated.
> Installed plugins are not the same on Bos MW and CCI. We'll need to get more plugins installed on CCI to support devstudio jobs.
> https://docs.google.com/spreadsheets/d/1WJV3bOdlY1unOH5i23v33V7dZKIqTbo1A...
[JBoss JIRA] (JBIDE-23651) Incremental publish to remote server throws exception
by Rob Stryker (JIRA)
[ https://issues.jboss.org/browse/JBIDE-23651?page=com.atlassian.jira.plugi... ]
Rob Stryker reassigned JBIDE-23651:
-----------------------------------
Assignee: Rob Stryker
Resolution: Done
pushed to master
> Incremental publish to remote server throws exception
> -----------------------------------------------------
>
> Key: JBIDE-23651
> URL: https://issues.jboss.org/browse/JBIDE-23651
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: server
> Affects Versions: 4.4.2.Final
> Reporter: Rastislav Wagner
> Assignee: Rob Stryker
> Fix For: 4.4.3.AM2
>
>
> {code}
> failed to create folder /opt/wildfly/standalone/deployments/jboss-as-kitchensink-html5-mobile.war on host jawa32g2.mw.lab.eng.brq.redhat.com
> {code}
> {code}
> org.eclipse.rse.services.files.RemoteFileIOException: Operation failed. File system input or output error
> at org.eclipse.rse.internal.services.ssh.files.SftpFileService.makeSystemMessageException(SftpFileService.java:596)
> at org.eclipse.rse.internal.services.ssh.files.SftpFileService.createFolder(SftpFileService.java:1103)
> at org.jboss.ide.eclipse.as.rse.core.subsystems.RSEFilesystemController$3.run(RSEFilesystemController.java:107)
> at org.jboss.tools.foundation.core.jobs.BarrierProgressWaitJob.run(BarrierProgressWaitJob.java:85)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
> {code}
> Incremental publish successfully completes (file is updated) but exception is logged in error because RSEFilesystemController is trying to create a folder on remote server which already exists (was created during full publish)
[JBoss JIRA] (JBIDE-22878) EAR deployed from DevStudio to EAP contains erroneously named ejbs
by Rob Stryker (JIRA)
[ https://issues.jboss.org/browse/JBIDE-22878?page=com.atlassian.jira.plugi... ]
Rob Stryker updated JBIDE-22878:
--------------------------------
Fix Version/s: 4.5.0.AM2
(was: 4.5.0.AM1)
> EAR deployed from DevStudio to EAP contains erroneously named ejbs
> ------------------------------------------------------------------
>
> Key: JBIDE-22878
> URL: https://issues.jboss.org/browse/JBIDE-22878
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: server
> Affects Versions: 4.2.3.Final, 4.4.0.Final
> Environment: I've observed this problem on a Win7 64 bit machine with Oracle JRE 1.8.0_102 64 bit. It was present in both JBoss Developer Studio 8.1.0.GA and 10.0.0.GA when used in conjunction with embedded Maven installation and JBoss EAP 6.4 target runtime.
> Reporter: Mikhail Kalkov
> Assignee: Rob Stryker
> Fix For: 4.5.0.AM2
>
> Attachments: JBIDE-22878-deployment-assembly.png, screendump.png, test-ear.ear, test-projects.zip
>
>
> I've created a maven-based EAR project that contains several ejb modules some of which come from workspace whereas others are downloaded from binary artifact repository. All modules have bundleFileName specified as module-name.jar in order to override the default module-name-version.jar.
> When I right-click on an EAR project and choose Export..., a correct EAR file is built, which looks exactly the same as when I build it from command line. However, when I add this project to an EAP 6.4 server, and check "Deploy projects as compressed archives" option, an EAR with erroneously named ejbs is deployed. The bundleFileName option is namely ignored for EJBs that come from binary artifact repository. See attached screenshot.
> This problem makes it extremely difficult to debug issues that arise only with zipped ear deployments. The only workaround is to comment out bundleFileName lines in test-ear pom.xml as well as possibly fix filenames in persistence.xml, and remember to revert these changes before committing!