WildFly participation in Hacktoberfest 2024
by Ranabir Chakraborty
Hello everyone,
Exciting news! The WildFly community is ready for Hacktoberfest 2024!
Just like last year, we’re not just focusing on WildFly but also expanding
to other projects like Ansible Middleware, Elytron, WildFly Core, Undertow,
Narayana, Intersmash, PatternFly Java, WildFly GitHub bot, WildFly docker
images, and Berg. Hacktoberfest is the perfect opportunity to contribute to
Open Source, whether you’re a seasoned pro or just getting started.
Please go through the article[1] we have published on wildfly.org to get
more ideas. It also features an exciting variety of projects under the
WildFly umbrella. Whether your expertise lies in Java, Docker, Ansible or
TypeScript, there's a project for everyone to dive into.
Join us on this exciting journey of coding, learning, and giving back to
the community. Let's make October a month of growth and sharing in the
world of WildFly!
[1] https://www.wildfly.org/news/2024/09/23/Hacktoberfest-2024/
~
*Ranabir Chakraborty*
Senior Software Engineer (JBoss SET)
<https://red.ht/sig>
6 months
Re: Vulnerabilities in wildfly version 32.0.1.Final
by Pawan Verma
I used WildFly 33.0.1.Final in one of our applications, assuming and hoping that the High vulnerability in undertow-core would be rectified.
But there is still a High vulnerability in undertow-core-2.3.15.Final.jar (CVE-2024-7885).
Is it going to be rectified sooner?
Thanks,
Pawan
6 months, 1 week
Lower touch dependabot processing
by Brian Stansberry
I'd like to propose we move to a lower touch system for processing
dependabot updates.
Currently when dependabot files a PR, wildfly-bot tags various component
leads to request a review, and then often I or others tag others. (I
typically do this based on quick git grepping of module.xml to find uses.)
And then things often block with no feedback, leading to repeated checking
on the PR.
So my proposal is if you are tagged for a review on one of these, you have
two weeks to either approve or raise an objection via the GH PR review UI,
or put a 'hold' label on the PR and leave a comment explaining why. The
latter is basically a way of saying 'give me more time'. Then remove the
hold when done.
After 10 calendar days, PRs without objections or 'hold' statements are
free to merge.
If your component is the sole user of a particular dependency and you
don't want dependabot managing it, send a PR updating dependabot.yaml.[1]
Thoughts?
[1] https://github.com/wildfly/wildfly/blob/main/.github/dependabot.yml
--
Brian Stansberry
Principal Architect, Red Hat JBoss EAP
WildFly Project Lead
He/Him/His
6 months, 1 week
WildFly Proposal - Aligning WildFly BOMs with WildFly Distributions
by Eduardo Martins
Hello, I would like to alert everyone that relies on WildFly BOMs that a major rework of those is being proposed at https://issues.redhat.com/browse/WFLY-19464.
In short, the BOMs rework aligns the BOMs with the current WildFly Distributions (EE, Expansion, Preview EE and Preview Expansion), introducing new or updated BOMs for each of those distributions, which is something some users have been asking for for some time.
You may find all details about the proposed changes in the description of the WFLY JIRA above, and a more low-level change log at the proposal’s PR at https://github.com/wildfly/wildfly/pull/17990
For people worried about migration, please note that if you use the EE BOM (or the With Tools BOM variant) there will be no changes needed at all. If you use the MicroProfile BOM, then you will need to migrate your projects to use the Expansion BOM instead (or the With Tools BOM variant).
Last but not least please note that I would like us to introduce those changes very soon, so please have a look at it as soon as possible.
—E
6 months, 1 week