[jbosstools-issues] [JBoss JIRA] (JBDS-3562) Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)

Nick Boldt (JIRA) issues at jboss.org
Tue Dec 8 12:43:00 EST 2015 

    [ https://issues.jboss.org/browse/JBDS-3562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138596#comment-13138596 ] 

Nick Boldt commented on JBDS-3562:
----------------------------------

TL;DR: 

after spending a few days to concoct a special, one-off solution to doing a rebuild of JUST the installers (first time ever) based on a previous GA release... 

even when there's an explanation in a JIRA for slight deviations from 100% identicalness, and QE accepts it and signs off on it... 

some people are not satisfied and feel compelled to post snarky comments.

It would have taken less effort and time to simply state "The staged build for QE is unacceptable; we need a respin."



> Prepare for 9.0.1 (9.0.0 with patched EAP 6.4.0 BZ1281963 / CVE-2015-7501)
> --------------------------------------------------------------------------
>
>                 Key: JBDS-3562
>                 URL: https://issues.jboss.org/browse/JBDS-3562
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 9.0.0.CVE-2015-7501-GA
>            Reporter: Nick Boldt
>            Assignee: Nick Boldt
>             Fix For: 9.0.0.CVE-2015-7501-GA
>
>         Attachments: 900GAvs901GA_B6.p2diff.txt, JBDS900GA-respin_diffs__EAP640-BZ1281963.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640.png, JBDS900GA-respin_diffs__EAP640patched-looks-the-same-as-EAP640__002.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_210_refs.png, JBDS900GA-respin_diffs__google.gson_JBDSTPvsJBDSCentralTP_224_refs.png, JBDS900GA-respin_diffs__o.e.jst.plugins.manifest.mf.png, JBDS900GA-respin_diffs__p2director.manifest.mf.png, JBDS900GA-respin_diffs__plugins_including_gson2.1.0vs.2.2.4.png, JBDS900GA-respin_diffs__readme.txt.png
>
>
> Tracker JIRA to house things to do to prepare for 9.0.1 / 9.1.0 branches & builds.
> Because JBDS 9.0.0 includes the compromised version of
> apache.commons.collections (JBDS-3560, JBDS-3561), we need to at some point respin it, which
> will include:
> a) updated JBT/JBDS target platforms 4.50.1.* and 4.51.1.*
> b) repin of JBDS update sites and installer jars
> To that end, I've created the following new branches:
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.50.1.x
> https://github.com/jbosstools/jbosstools-target-platforms/commits/4.51.1.x
> And I've bumped the version of the target platforms in the 4.50.x and
> 4.51.x branches to 4.50.2.Beta1-SNAPSHOT and 4.51.2.Beta1-SNAPSHOT,
> respectively.
> JBDS is now at version 9.1.0 in the 4.3.x branch and 9.0.1 in the
> 4.3.1.x branch.
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.1.x
> (new, 9.0.1)
> https://github.com/jbdevstudio/jbdevstudio-product/commits/jbosstools-4.3.x
> (updated to 9.1.0)
> So, now we just need to ensure that the correct BUILD_ALIAS (CR1 for
> 9.0.1, Beta1 for 9.1.0) and target platforms are used.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jbosstools-issues mailing list