[jbosstools-issues] [JBoss JIRA] (JBDS-3562) Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)

Martin Malina (JIRA) issues at jboss.org
Tue Dec 8 05:18:00 EST 2015 

    [ https://issues.jboss.org/browse/JBDS-3562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138235#comment-13138235 ] 

Martin Malina commented on JBDS-3562:
-------------------------------------

I agree that 100 % would be better. But even when you're pretty sure it's the same update site that was used, you still need to check if the result is really the same to be sure. So in this case not much time would be saved. But I agree next time we should try to do better.

> Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)
> --------------------------------------------------------------------------
>
>                 Key: JBDS-3562
>                 URL: https://issues.jboss.org/browse/JBDS-3562
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 9.0.0.CVE-2015-7501-GA
>            Reporter: Nick Boldt
>            Assignee: Nick Boldt
>             Fix For: 9.0.0.CVE-2015-7501-GA
>
>         Attachments: 900GAvs901GA_B6.p2diff.txt, JBDS900GA-respin_diffs__EAP640-BZ1281963.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640__002.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_210_refs.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_224_refs.png, JBDS900GA-respin_diffs__o.e.jst.plugins.manifest.mf.png, JBDS900GA-respin_diffs__p2director.manifest.mf.png, JBDS900GA-respin_diffs__plugins_including_gson2.1.0vs.2.2.4.png, JBDS900GA-respin_diffs__readme.txt.png
>
>
> Tracker JIRA to house things to do to prepare for 9.0.1 / 9.1.0 branches & builds.
> Because JBDS 9.0.0 includes the compromised version of
> apache.commons.collections (JBDS-3560, JBDS-3561), we need to at some point respin it, which
> will include:
> a) updated JBT/JBDS target platforms 4.50.1.* and 4.51.1.*
> b) repin of JBDS update sites and installer jars
> To that end, I've created the following new branches:
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.50.1.x
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.51.1.x
> And I've bumped the version of the target platforms in the 4.50.x and
> 4.51.x branches to 4.50.2.Beta1-SNAPSHOT and 4.51.2.Beta1-SNAPSHOT,
> respectively.
> JBDS is now at version 9.1.0 in the 4.3.x branch and 9.0.1 in the
> 4.3.1.x branch.
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.1.x
> (new, 9.0.1)
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.x
> (updated to 9.1.0)
> So, now we just need to ensure that the correct BUILD_ALIAS (CR1 for
> 9.0.1, Beta1 for 9.1.0) and target platforms are used.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jbosstools-issues mailing list