Martin Grigorov | 21 Sep 17:32 2014
Picon

Wrong version in archetype's pom.xml ?!

Hi,

In current master
https://github.com/apache/isis/blob/master/example/archetype/simpleapp/pom.xml#L47
points to org.apache.isis.core:isis:1.6.0.
Is this an error in some release script/step ?
I'd expect that it uses 1.7.0-SNAPSHOT as everything else.

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
Picon

[jira] [Commented] (ISIS-872) 1.7.0 release activities


    [
https://issues.apache.org/jira/browse/ISIS-872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14142357#comment-14142357
] 

ASF subversion and git services commented on ISIS-872:
------------------------------------------------------

Commit 8c5ce38a338492ea6f5c5e8833f86979f667c518 in isis's branch refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=8c5ce38 ]

ISIS-872: fix json (double quotes, tabs) for SimpleObject.layout.json

> 1.7.0 release activities
> ------------------------
>
>                 Key: ISIS-872
>                 URL: https://issues.apache.org/jira/browse/ISIS-872
>             Project: Isis
>          Issue Type: Task
>          Components: Archetype: Simple WRJ, Archetype: ToDoApp WRJ, Core, Viewer: Wicket
>    Affects Versions: archetype-simpleapp-1.6.0, archetype-todoapp-1.6.0, viewer-wicket-1.6.0, core-1.6.0
>            Reporter: Dan Haywood
>            Assignee: Dan Haywood
>             Fix For: archetype-todoapp-1.7.0, archetype-simpleapp-1.7.0, viewer-wicket-1.7.0, core-1.7.0
>
>

--
This message was sent by Atlassian JIRA
(Continue reading)

Kevin Meyer (JIRA | 20 Sep 18:01 2014
Picon

[jira] [Closed] (ISIS-896) Minor issues with scripts in ~/scripts


     [
https://issues.apache.org/jira/browse/ISIS-896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Meyer closed ISIS-896.
----------------------------
    Resolution: Fixed

Tested locally.

> Minor issues with scripts in ~/scripts
> --------------------------------------
>
>                 Key: ISIS-896
>                 URL: https://issues.apache.org/jira/browse/ISIS-896
>             Project: Isis
>          Issue Type: Bug
>          Components: Tool
>    Affects Versions: GIT REPO only
>            Reporter: Kevin Meyer
>            Assignee: Dan Haywood
>            Priority: Minor
>             Fix For: GIT REPO only
>
>
> Scripts in ~/scripts do not have executable status.
> Missing script for verifying release.

--
This message was sent by Atlassian JIRA
(Continue reading)

Picon

[jira] [Commented] (ISIS-896) Minor issues with scripts in ~/scripts


    [
https://issues.apache.org/jira/browse/ISIS-896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14142054#comment-14142054
] 

ASF subversion and git services commented on ISIS-896:
------------------------------------------------------

Commit b02853980df638459d0ea197ad83b198744069c3 in isis's branch refs/heads/master from Kevin
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=b028539 ]

ISIS-896: Adding verify-isis-release.sh (for real)

> Minor issues with scripts in ~/scripts
> --------------------------------------
>
>                 Key: ISIS-896
>                 URL: https://issues.apache.org/jira/browse/ISIS-896
>             Project: Isis
>          Issue Type: Bug
>          Components: Tool
>    Affects Versions: GIT REPO only
>            Reporter: Kevin Meyer
>            Assignee: Dan Haywood
>            Priority: Minor
>             Fix For: GIT REPO only
>
>
> Scripts in ~/scripts do not have executable status.
> Missing script for verifying release.
(Continue reading)

Picon

[jira] [Commented] (ISIS-896) Minor issues with scripts in ~/scripts


    [
https://issues.apache.org/jira/browse/ISIS-896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14142041#comment-14142041
] 

ASF subversion and git services commented on ISIS-896:
------------------------------------------------------

Commit a9aa78182b73f754337ab5aaefbfeec0adf40436 in isis's branch refs/heads/master from Kevin
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=a9aa781 ]

ISIS-896: Adding executable to shell scripts

> Minor issues with scripts in ~/scripts
> --------------------------------------
>
>                 Key: ISIS-896
>                 URL: https://issues.apache.org/jira/browse/ISIS-896
>             Project: Isis
>          Issue Type: Bug
>          Components: Tool
>    Affects Versions: GIT REPO only
>            Reporter: Kevin Meyer
>            Assignee: Dan Haywood
>            Priority: Minor
>             Fix For: GIT REPO only
>
>
> Scripts in ~/scripts do not have executable status.
> Missing script for verifying release.
(Continue reading)

Kevin Meyer (JIRA | 20 Sep 17:11 2014
Picon

[jira] [Created] (ISIS-896) Minor issues with scripts in ~/scripts

Kevin Meyer created ISIS-896:
--------------------------------

             Summary: Minor issues with scripts in ~/scripts
                 Key: ISIS-896
                 URL: https://issues.apache.org/jira/browse/ISIS-896
             Project: Isis
          Issue Type: Bug
          Components: Tool
    Affects Versions: GIT REPO only
            Reporter: Kevin Meyer
            Assignee: Dan Haywood
            Priority: Minor
             Fix For: GIT REPO only

Scripts in ~/scripts do not have executable status.
Missing script for verifying release.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Dan Haywood (JIRA | 17 Sep 09:39 2014
Picon

[jira] [Commented] (ISIS-884) ErrorPage vulnerable to XSS attacks.


    [
https://issues.apache.org/jira/browse/ISIS-884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14136897#comment-14136897
] 

Dan Haywood commented on ISIS-884:
----------------------------------

Not a lot has been done since 1.6.0, my attention has been on the new isisaddons.org stuff.

Two options:
- either I could create a branch for 1.6.1 from where we are right now, and then bump that branch down to JDK 1.6.
- or, (since this is all on github), YOU could create a branch from the commit before we bumped to JDK 1.7.0
[1], and then cherry pick the relevant commits after that.  Raise a PR and I'll use that as the basis for a new release.

The second option will give you more control over when this gets done, so I'd probably prefer, and I think the
commits are reasonably clean to cherry pick, though you'd need to try it to find out.

[1] https://github.com/apache/isis/commit/9e889abd829d40805fa1118ef8d93e396f82de01

> ErrorPage vulnerable to XSS attacks.
> ------------------------------------
>
>                 Key: ISIS-884
>                 URL: https://issues.apache.org/jira/browse/ISIS-884
>             Project: Isis
>          Issue Type: Bug
>          Components: Viewer: Wicket
>    Affects Versions: viewer-wicket-1.6.0
>            Reporter: Dan Haywood
(Continue reading)

Chris Fairhall (JIRA | 17 Sep 06:21 2014
Picon

[jira] [Commented] (ISIS-884) ErrorPage vulnerable to XSS attacks.


    [
https://issues.apache.org/jira/browse/ISIS-884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14136753#comment-14136753
] 

Chris Fairhall commented on ISIS-884:
-------------------------------------

We would prefer the quickest option. I assume that would be a 1.6.1 bug fix release?
That should give us the lowest risk as we can start the upgrade process to 1.6.0 now and there should be very
few changes between 1.6.0 and 1.6.1

> ErrorPage vulnerable to XSS attacks.
> ------------------------------------
>
>                 Key: ISIS-884
>                 URL: https://issues.apache.org/jira/browse/ISIS-884
>             Project: Isis
>          Issue Type: Bug
>          Components: Viewer: Wicket
>    Affects Versions: viewer-wicket-1.6.0
>            Reporter: Dan Haywood
>            Assignee: Dan Haywood
>            Priority: Blocker
>             Fix For: viewer-wicket-1.7.0
>
>
> The default error page (org.apache.isis.viewer.wicket.ui.pages.error.ErrorPage) is vulnerable to
XSS via org.apache.isis.viewer.wicket.ui.errors.ExceptionStackTracePanel
> In the constructor of ExceptionStackTracePanel, it adds a Label with the exception message and calls setEscapeModelStrings(false)
(Continue reading)

Picon

[jira] [Commented] (ISIS-895) HomePage should honour authorization rules.


    [
https://issues.apache.org/jira/browse/ISIS-895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14134395#comment-14134395
] 

ASF subversion and git services commented on ISIS-895:
------------------------------------------------------

Commit 5cd8afdd4a24451c1fecc3f8992bf450931eacf1 in isis's branch refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=5cd8afd ]

ISIS-895: check that user has permissions to invoke home page action.

In addition:
- always render menu items, even on Error Page.

> HomePage should honour authorization rules.
> -------------------------------------------
>
>                 Key: ISIS-895
>                 URL: https://issues.apache.org/jira/browse/ISIS-895
>             Project: Isis
>          Issue Type: Improvement
>          Components: Core, Viewer: Wicket
>    Affects Versions: viewer-wicket-1.6.0, core-1.6.0
>            Reporter: Dan Haywood
>            Assignee: Dan Haywood
>            Priority: Minor
>             Fix For: viewer-wicket-1.7.0, core-1.7.0
>
(Continue reading)

Dan Haywood (JIRA | 15 Sep 21:39 2014
Picon

[jira] [Created] (ISIS-895) HomePage should honour authorization rules.

Dan Haywood created ISIS-895:
--------------------------------

             Summary: HomePage should honour authorization rules.
                 Key: ISIS-895
                 URL: https://issues.apache.org/jira/browse/ISIS-895
             Project: Isis
          Issue Type: Improvement
          Components: Core, Viewer: Wicket
    Affects Versions: core-1.6.0, viewer-wicket-1.6.0
            Reporter: Dan Haywood
            Assignee: Dan Haywood
            Priority: Minor
             Fix For: viewer-wicket-1.7.0, core-1.7.0

So, if a user doesn't have permission (the home page action isn't visible and/or usable) then it shouldn't
be invoked, and instead simply show the welcome messages.

However, this ticket does NOT require that the system checks that the user has permissions for the
resultant object invoked from the home page action (a dashboard or whatever); rather the expectation is
that the this the permissions be set-up correctly along with the user's permission to the home page action.

If the user doesn't have permission to the resultant object, then the usual behaviour should occur, ie to
show the error page.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

(Continue reading)

Dan Haywood | 15 Sep 21:34 2014

Re: [isis] fixed broken link (#1)

Folks,

Per the email train below, Jeroen noticed I merged in a PR from github (a
tiny one line fix to a README, but a PR nevertheless) and wanted to check
that it was ok to do so.

Anyway, just to confirm, it IS ok to merge in PRs, but do see [1] for more
info on what the great and the good at ASF have to say on the matter.

Cheers
Dan

[1] https://issues.apache.org/jira/browse/LEGAL-156

~~~~~~~~

On 12 September 2014 14:03, Dan Haywood <dan@...>
wrote:

> No, I did that.  I set up a remote to his fork, pulled down his commit,
> and merged it in.  That way github automatically closes the pull request.
>
> My understanding (I hope I'm right on this) is that there's an implicit
> ICLA for anyone raising a PR on an Apache project that they grant the
> rights to ASF for the change.
>
> But mostly just trying to keep things nice and clean...
>
>
> On 12 September 2014 14:00, Jeroen van der Wal <jeroen@...>
(Continue reading)


Gmane