[jbosstools-issues] [JBoss JIRA] (JBDS-3562) Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)
Martin Malina (JIRA)
issues at jboss.org
Tue Dec 8 04:42:00 EST 2015
[ https://issues.jboss.org/browse/JBDS-3562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138188#comment-13138188 ]
Martin Malina commented on JBDS-3562:
-------------------------------------
[~maxandersen], it's not out yet. Looking at the ticket [1] it should be ready on CSP staging when Chris O'Brien gets online this morning (not sure where he is, probably US eastern time). So we could still rebuild using the correct update site, but it would delay it for a day (or two) I assume.
[1] https://engineering.redhat.com/rt/Ticket/Display.html?id=382279
> Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)
> --------------------------------------------------------------------------
>
> Key: JBDS-3562
> URL: https://issues.jboss.org/browse/JBDS-3562
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Bug
> Components: build
> Affects Versions: 9.0.0.CVE-2015-7501-GA
> Reporter: Nick Boldt
> Assignee: Nick Boldt
> Fix For: 9.0.0.CVE-2015-7501-GA
>
> Attachments: 900GAvs901GA_B6.p2diff.txt, JBDS900GA-respin_diffs__EAP640-BZ1281963.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640__002.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_210_refs.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_224_refs.png, JBDS900GA-respin_diffs__o.e.jst.plugins.manifest.mf.png, JBDS900GA-respin_diffs__p2director.manifest.mf.png, JBDS900GA-respin_diffs__plugins_including_gson2.1.0vs.2.2.4.png, JBDS900GA-respin_diffs__readme.txt.png
>
>
> Tracker JIRA to house things to do to prepare for 9.0.1 / 9.1.0 branches & builds.
> Because JBDS 9.0.0 includes the compromised version of
> apache.commons.collections (JBDS-3560, JBDS-3561), we need to at some point respin it, which
> will include:
> a) updated JBT/JBDS target platforms 4.50.1.* and 4.51.1.*
> b) repin of JBDS update sites and installer jars
> To that end, I've created the following new branches:
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.50.1.x
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.51.1.x
> And I've bumped the version of the target platforms in the 4.50.x and
> 4.51.x branches to 4.50.2.Beta1-SNAPSHOT and 4.51.2.Beta1-SNAPSHOT,
> respectively.
> JBDS is now at version 9.1.0 in the 4.3.x branch and 9.0.1 in the
> 4.3.1.x branch.
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.1.x
> (new, 9.0.1)
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.x
> (updated to 9.1.0)
> So, now we just need to ensure that the correct BUILD_ALIAS (CR1 for
> 9.0.1, Beta1 for 9.1.0) and target platforms are used.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jbosstools-issues
mailing list