[jbosstools-issues] [JBoss JIRA] (JBDS-3314) Include JGit security patch

Martin Malina (JIRA) issues at jboss.org
Thu Jan 15 05:22:49 EST 2015


     [ https://issues.jboss.org/browse/JBDS-3314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Malina updated JBDS-3314:
--------------------------------
    Attachment: jbds-git-update.png


With JBDS, the update is pretty straightforward.
After I added the staging 8.0 repo to my JBDS 8.0.1 install and then clicked Check for updates, I was shown the 8.0.2 update including this jgit/egit update:
!jbds-git-update.png!

With JBoss Tools it's a bit tricky.
First, the git security update is already included in the standard Eclipse update site that everybody has set up by default, so chances are the user will have the update before we release JBoss Tools 4.2.2.
Second, when I tried to verify this, I installed 4.2.1 from the stable URL first, but it turns out that this already contains the new TP including the git security fix [1], so I couldn't really check if the update will work - when I installed JBT 4.2.1 on top of vanilla Eclipse Java EE, the git fix was already there.

[1] http://download.jboss.org/jbosstools/updates/stable/luna/ points to http://download.jboss.org/jbosstools/targetplatforms/jbosstoolstarget/luna/ which already contains the just released TP.

> Include JGit security patch
> ---------------------------
>
>                 Key: JBDS-3314
>                 URL: https://issues.jboss.org/browse/JBDS-3314
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>          Components: build, target-platform
>    Affects Versions: 8.0.1.GA
>            Reporter: Mickael Istria
>            Assignee: Mickael Istria
>            Priority: Critical
>             Fix For: 8.0.2.GA
>
>         Attachments: jbds-git-update.png
>
>
> A vulnerability was announced in most Git clients (including JGit).
> JGit has provided a new version that fixes this vulnerability, and this has been included in a rebuild of Luna SR1. We should include it.
> https://mmilinkov.wordpress.com/2015/01/12/eclipse-ships-luna-sr1a-git-security-release/


