[JBoss JIRA] (JBDS-3562) Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)

Tuesday, 8 December 2015

    [
https://issues.jboss.org/browse/JBDS-3562?page=com.atlassian.jira.plugin....
] 

Max Rydahl Andersen commented on JBDS-3562:
-------------------------------------------

Personally I would have preferred we went to 100% since it should be so trivial to do so
(just don't point to diferent updatesites than used during our build).

The gson is just weird, the wst difference is scary. But since you did the due diligence
to check it we know it is okey.

But imagine how much easier it would be if our builds was just 100% reproducible and we
could verify 100% it is the same - then no need for evaluating and discussing if it is a
relevant difference or not.

Thus in short - Fine to release it since we now spent time verifying it is a minor
difference; but I want us to go for doing this kind of release better and simpler in
future.

...
 Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 /
CVE-2015-7501)
 --------------------------------------------------------------------------

                 Key: JBDS-3562
                 URL: https://issues.jboss.org/browse/JBDS-3562
             Project: Developer Studio (JBoss Developer Studio)
          Issue Type: Bug
          Components: build
    Affects Versions: 9.0.0.CVE-2015-7501-GA
            Reporter: Nick Boldt
            Assignee: Nick Boldt
             Fix For: 9.0.0.CVE-2015-7501-GA

         Attachments: 900GAvs901GA_B6.p2diff.txt,
JBDS900GA-respin_diffs__EAP640-BZ1281963.png,
JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640.png,
JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640__002.png,
JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP.png,
JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_210_refs.png,
JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_224_refs.png,
JBDS900GA-respin_diffs__o.e.jst.plugins.manifest.mf.png,
JBDS900GA-respin_diffs__p2director.manifest.mf.png,
JBDS900GA-respin_diffs__plugins_including_gson2.1.0vs.2.2.4.png,
JBDS900GA-respin_diffs__readme.txt.png

 Tracker JIRA to house things to do to prepare for 9.0.1 / 9.1.0 branches & builds.
 Because JBDS 9.0.0 includes the compromised version of
 apache.commons.collections (JBDS-3560, JBDS-3561), we need to at some point respin it,
which
 will include:
 a) updated JBT/JBDS target platforms 4.50.1.* and 4.51.1.*
 b) repin of JBDS update sites and installer jars
 To that end, I've created the following new branches:
 https://github.com/jbosstools/jbosstools-target-platforms/commits/4.50.1.x
 https://github.com/jbosstools/jbosstools-target-platforms/commits/4.51.1.x
 And I've bumped the version of the target platforms in the 4.50.x and
 4.51.x branches to 4.50.2.Beta1-SNAPSHOT and 4.51.2.Beta1-SNAPSHOT,
 respectively.
 JBDS is now at version 9.1.0 in the 4.3.x branch and 9.0.1 in the
 4.3.1.x branch.
 https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3...
 (new, 9.0.1)
 https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.x
 (updated to 9.1.0)
 So, now we just need to ensure that the correct BUILD_ALIAS (CR1 for
 9.0.1, Beta1 for 9.1.0) and target platforms are used. 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006