Is there a plan to update Orbeon CE logging to log4j 2.17 and if so, when?
We are aware that the current log4j 1.X version is not susceptible to the recent vulnerability, but other vulnerabilities are still present.
Orbeon Forms 2021.1 CE, coming out soon, will include Log4j 2.17 (or newer if they release yet another version in the next few days).
The vulnerabilities affecting Log4j 1.x affect things like SocketAppender and SMTP. We recommend for now that you don't use any networking feature with Log4j in your log4j.xml. Just use plain logging to files. If you do that, you are quite safe with Log4j 1.x, and possibly safer than with any version of Log4j 2 where vulnerabilities apparently keep being found :(
We haven't yet decided whether we would release fixes for earlier CE versions as the issues can be addressed entirely via configuration.
Related
I am looking for the legacy mbedtls documentation.
It was available at tls.mbed.org before joining the trustedFirmware project. Now, sadly, it is not reachable anymore.
Thanks!
tls.mbed.org only had the latest version, and then it froze at some point and was showing an old version until it went down. I haven't found a site hosting multiple versions of the documentation.
You can typeset the documentation on a typical Unix-like system (e.g. Linux or macOS or WSL or Cygwin) by checking out the version you want from the GitHub repository. This has the advantage that you can typeset the documentation for your configuration: after setting mbedtls/mbedtls_config.h (mbedtls/config.h in Mbed TLS 2.x), run
make apidoc
and browse apidoc/modules.html or apidoc/files.html.
If you want the whole documentation including all compile-time options and features that may or may not be enabled in your build, run
scripts/apidoc_full.sh
Note that this overwrites mbedtls/mbedtls_config.h.
I am trying to pick up Grails using Groovy Grails tool suite. I tried to set up the tools to play around with Grails, unfortunately this issue which will need some advise. Please help me to resolve this problem.
These are the tools I had installed, using window 7:
1. Java JDK (jdk1.8.0_101)
2. Grails 2.3.4
3. Groovy Grails Tool Suite 3.5.1
Both Java and Grails are running fine. #cmd:
C:\Users\00Who00>java -version
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)
C:\Users\00Who00>grails -version
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=32m; support
was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; sup
port was removed in 8.0
Grails version: 2.3.4
Grails 2.3 doesn't work with Java 8 because of the version of Groovy it uses; you need to use a newer version that uses a version of Groovy that's compatible. Either user Grails 2.4+ (or embrace 2016 and use an even more recent version) or switch to Java 7.
If you're getting started with Grails and attempting to use GGTS and Grails 2.3, I suspect you might be reading Grails in Action 2nd Ed. A fantastic book! Regardless, a couple of things to note:
Groovy-Grails Tool Suite has been discontinued for over a year, so is quite likely to have more issues
Grails 3.x is the latest and much improved (Gradle and Spock are defaults, among many other things)
For an IDE, I suggest switching to IntelliJ IDEA. If you are using Grails 3, both Ultimate and Community editions work fine since Grails 3 uses Gradle as a build tool. I'd definitely recommend the Grails 3/IntelliJ combo for getting up to speed, even if you need to switch back to 2.3 for work purposes. Nearly all the knowledge will transfer.
Available Grails 3 resources
There are no books yet on Grails 3 specifically. Here are some of the best resources I've found.
Grails 3 talks at SpringOne: infoq.com/conferences/springone2gx2015
Grails 3 User Guide: docs.grails.org/latest/guide/single.html
MrHaki's "Grails Goodness" series (which he offers compiled as a book also): mrhaki.blogspot.com/search/label/Grails%3AGoodness.
Beyond those, the Grails in Action 2nd Ed book is still very relevant and one of the best ways to get a comprehensive understanding of Grails.
Forgive me as I am new to the ruby environment, in fact I do most my developing in other languages. As such I would love to use intellij as I understand it can do everything all of it's sibling IDE's can. That be said I have looked through the plugins and can't seem to find anything that is related to Ruby/Rubymine. Can someone please tell me which modules I need to enable and where I might find those so I can spin up a ruby project?
Thank you in advance.
To use Ruby plugin functionality in Intellij you need to install this plugin:
http://plugins.jetbrains.com/plugin/?id=1293.
The differences between RubyMine and Ruby plugin are listed here
http://devnet.jetbrains.com/docs/DOC-1146
Key point is
The Ruby plugin for IntelliJ IDEA is built from the same codebase as RubyMine. Some features may be temporary not available in the plugin because the latest available IntelliJ IDEA bases on an earlier IntelliJ platform compared to RubyMine.
We have Jenkins installed and running on a WebSphere Application Server. We recently upgraded the server to version 8.5.5 and switched the profile to use JDK version 1.7. Doing this Jenkins Crashes the WebSphere Application Server and we cannot tell why. Any hints or suggestions on things to look at? Switching the server back to JDK 1.6 seems to work just fine, can Jenkins not run on JDK 1.7 or is it something else?
I'll assume that by crash the websphere application server you mean either a fatal error at startup or a java process crash. Those can have many causes.
Just to give some ideas, it may be related to the fact that you had somewhat customized your JDK install and forgot to re-apply those customization to your new JDK. Or that switching SDK requires you to switch command line options, or that you indeed hit an incompatible class in the stack, or that your process crash because of bad luck, etc.
So please find more information in the logs, either the corresponding stack traces in your WAS server logs or the javacores crash files.
Please also report your jenkins version.
As for JDK 7 compatibility, latest jenkins itself should be compatible, yet some plugins are not
You may also want to read this: https://stackoverflow.com/questions/17411717/jenkins-on-websphere-reports-java-lang-noclassdeffounderror-jenkins-model-jenki. Maybe you have the same issue.
If you indeed find out an incompatibility, please report an issue in jenkins issue tracker and consider updating the Jenkins Websphere wiki.
I have a JSF Mojarra 2.0.3 app that was developed entirely on Tomcat 7 where it works superbly. I need to deploy this application on JBoss or on Glassfish and the application runs but in some parts behaves strangely. On both JBoss 6 and on Glassfish 3 this exact same bizarre behavior occurs.
I believe this happens for a number of reasons:
1) These app servers have their own version of Mojarra JSF bundled within them and these are being used in lieu of the Mojarra 2.0.3 I have in the applications web_inf/lib folder.
2) I am using a third party rich control toolkit that is probably behaving strangely because it expects this specific version of Mojarra (2.0.3 to be exact).
Bottom line is, I am floundering in every attempt to surgically remove JSF from one of these app servers because I strongly suspect this is the reason why these app servers behave differently from Tomcat, which does not have JSF joined at the hip.
Due to client prejudices and inhouse expertise, JBoss is required to host on production so using Tomcat in production is not an option.
Help?
I'm not sure where the libs are in JBoss(simple Google might tell you) but in Glassfish you'll just want to replace the JSF 2.0 jars. They are located in .
install directory\glassfish\modules
Just replace the jsf-api and jsf-impl with the ones you used in the Tomcat version. Then you'll be on the same page.