OpenAM source code failed to build using ant? - ant

We are using this openAM 9.5 RC1 branch source in our project. https://github.com/svn2github/openam.git
In order to fix some bugs, we have to modify existing openAM's amserver library. For this, we have downloaded the source code from above location and tried to compile it offline using ant (as stated in README). But we are not able to compile it anyhow (even after making necessary changes, adding dependencies etc.)
Is there any way to construct the required library (amserver.jar) from this source code?

The OpenAM 9.5.x and 10.0.x versions are rather difficult to build, but from 11.0.0 the build process should be much simpler since the project has been migrated over to the Maven build system.
In any case, the version you are using (Snapshot 9.5.1 RC1) is very much outdated and most likely has several critical issues (not to mention the security issues).
I would strongly advise against putting effort into backporting fixes to that ancient version. Instead you should realize that you are running a more than 4 years old version of a security component, and upgrade your system to a more recent version as soon as possible.

Related

Snyk finds vulnerabilities in Simple Injector

In our .NET 6 apis we are using Simple Injector for dependency injection. With the latest version of Simple Injector, we observed that Snyk found five high-priority vulnerabilities and two medium vulnerabilities in
SimpleInjector.Integration.AspNetCore.Mvc v5.4.0. You can see one of them in the image below. All of them are probably caused by dependencies to an older version of the .NET Framework/runtime. Is it possible to provide a solution for these issues in the near future?
Is it possible to provide a solution for these issues in the near future?
If you look closely at the threat analysis, you'll notice that the issue lies not with the SimpleInjector.Integration.AspNetCore.Mvc package itself, but with the dependencies the package points at. It is, therefore, not an issue for the Simple Injector packages to fix, as all package authors would constantly have to upgrade their packages when there is a security flaw found in their dependency chain. The NuGet infrastructure is actually designed for these scenarios as a package lists its dependencies with the minimum compatible version. It's up to the application developer to select the most suitable version of those dependencies.
The solution is, therefore, straightforward: You, as an application developer, should check whether the vulnerability affects your application, and if so (or when in doubt), act by updating the vulnerable dependencies in your application. If the vulnerable package isn't explicitly installed in your application, you should do so, and install a version that is not vulnerable.
Concretely, in your case the vulnerability lies in System.Net.Http, which means you should probably explicitly install that package in your application and upgrade to at least version 4.3.4, as this is the version that fixed the problem.
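An added example, not part of the original answer and not Simple Injector or NuGet code: a check that reads the resolved package graph and reports packages that resolved below their first fixed version, together with whether the application references them directly. It assumes the graph has the shape of NuGet's obj/project.assets.json; the sample graph, the Example.Intermediate package and the function names are constructed for illustration, and only the System.Net.Http 4.3.4 fix version comes from the answer.

```python
# Constructed sample in the shape json.load() returns for obj/project.assets.json.
# The dependency chain is illustrative, not the real chain of any package named here.
ASSETS = {
    "targets": {"net6.0": {
        "SimpleInjector.Integration.AspNetCore.Mvc/5.4.0": {
            "dependencies": {"Example.Intermediate": "1.0.0"}},
        "Example.Intermediate/1.0.0": {  # hypothetical package
            "dependencies": {"System.Net.Http": "4.3.0"}},
        "System.Net.Http/4.3.0": {},
    }},
    "project": {"frameworks": {"net6.0": {"dependencies": {
        "SimpleInjector.Integration.AspNetCore.Mvc": {"version": "[5.4.0, )"},
    }}}},
}

# First fixed version per package; 4.3.4 is the value given in the answer.
FIXED = {"System.Net.Http": "4.3.4"}


def parse_version(text):
    """Numeric part of a version as a tuple; a pre-release suffix is ignored."""
    return tuple(int(part) for part in text.split("-")[0].split("."))


def find_pins(assets, fixed, framework="net6.0"):
    """Return {package: (resolved, first_fixed, is_direct, parents)} for every
    package that resolved below its first fixed version."""
    libs = assets["targets"][framework]
    resolved = dict(key.split("/", 1) for key in libs)
    direct = set(assets["project"]["frameworks"][framework]["dependencies"])
    findings = {}
    for name, version in resolved.items():
        if name in fixed and parse_version(version) < parse_version(fixed[name]):
            parents = sorted(
                key for key, info in libs.items()
                if name in info.get("dependencies", {})
            )
            findings[name] = (version, fixed[name], name in direct, parents)
    return findings


if __name__ == "__main__":
    for name, (have, need, is_direct, parents) in find_pins(ASSETS, FIXED).items():
        origin = "direct" if is_direct else "transitive via " + ", ".join(parents)
        print(f"{name} {have} < {need} ({origin}): reference {need} explicitly")
```

A finding marked transitive is the case the answer describes: the fix is an explicit reference in the application project, not a new release of the package that pulled it in.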

How to Configure SonarQube for delphi?

I want to configure SonarQube so it can analyze Delphi project too, and when I search online I saw there used to be a delphi plugin for SonarQube. But when I look at the plugins with the latest build it doesn't show the delphi plugin.
Is the plugin still available in an other way?
Or is it possible to configure SonarQube for delphi without the plugin?
As per G. Ann's response, the plugin for Sonar was actually discontinued, but searching the internet, recently (3 days ago) the developer Fabricio Columbus made it happen!
We tested it, and it is running with the current version of Sonar:
Compatible with SonarQube 4.5.x and SonarQube 5.1.2
https://github.com/fabriciocolombo/sonar-delphi
Release: https://github.com/fabriciocolombo/sonar-delphi/releases
JAR: https://github.com/fabriciocolombo/sonar-delphi/releases/download/0.3.3-SNAPSHOT/sonar-delphi-plugin-0.3.3-SNAPSHOT.jar
PS: Translated from Portuguese to English by Google Translate.
To analyze the files of language X, you need a plugin for language X that recognizes X's structure, syntax &etc. Without that you can't derive metrics (LOC, complexity, &etc.) or recognize bad code (i.e. raise issues for antipatterns.) So to answer your second question first, you won't be able to analyze Delphi code without some kind of Delphi plugin.
The Delphi plugin was deprecated quite a while ago because it seemed to suffer from a lack of interest all around & didn't evolve to maintain compatibility with the platform as it evolved.
If you look, you can find downloads of the old plugin, but to use it, you'd have to retrogress to a quite old version of the platform, & I don't recommend that. I'm not sure how far back you'd have to go - you could crack open the jar and get that from the pom - but it looks like the last mailing list activity on this plugin was Feb. 2012. So again, I don't recommend going this route.

migrate from grails 3.0.4 to 3.0.6

What is the simplest way to migrate a Grails app developed in 3.0.4 to 3.0.6?
The grails documentation recommends to create a new app and migrate every component one by one. But there should be a simple way if we are migrating within version 3?
Any help much appreciated
I run a grails create-app to create a fresh install of the new version. I then copy the files from the new version over top of my older v3 version. It's then pretty simple using version control tools to check for changes that need to be merged. The following files will have some changes that need to be merged into my existing project files:
build.gradle
gradle.properties
To be safe I usually also copy over the following, though they are less likely to have changes:
gradle/
gradlew
gradlew.bat
grails-app/conf/application.yml
grails-app/conf/logback.groovy
grails-app/i18n/messages.properties
grails-app/init//Application.groovy
With version control it usually takes less than a few minutes to review and merge back any changes that need to be retained. I find the process fairly simple.
I think you refer to this documentation https://grails.github.io/grails-doc/latest/guide/upgrading.html which is really about grails 2.x to 3.0.x migration.
In the case you're already on 3.0.4 you can just look at the release note of the version to see what is new and if there's any impact. As you will see it's a lot of bug fixes and the introduction of the new web profile to create REST specific applications.

Cocoapods vs Gradle - iOS

Currently I am trying to figure out how to use Cocoapods. Many blogs quoted that Cocoapods is the best dependency management tool at present.
However, I am also using Gradle plugin for building my application.
Now the question is, can Gradle do the same dependency management for my private files & libraries (.a files) as Cocoapods.
Long story short (Jan. 2015):
Gradle: build system + dependency management.
Cocoapods: dependency management for Xcode internal builds.
There is probably more to this (for others that want to start commenting "but Cocoapods can also.."), but for a start that summarises it.
If you are new to iOS and/or Xcode you should probably not use a mixture of Gradle and Xcode as it adds extra complexity to an already complex build environment. If you are familiar with Gradle and you also (!) have some knowledge of Xcode, then I would recommend to use Gradle. Advantage? You have full control over your builds and it saves you from messing around in endless Xcode build-config-dialogs. On top you gain access to other repositories (maybe not that interesting for you) AND you can script your builds in a cross-platform environment. I also use a non-MacOS build server (Linux+Jenkins) which is able to interpret Gradle-build scripts, which is another plus.
If you want access to a versioning system other than git, you also gain access to that... when I type the lines right here, I wonder why I ever built an app without Gradle :-). I have even more things that come to my mind, now that I think about it: mixed programming-language builds (Java/C#/objC...), unit-test integration that does not require Xcode, easy reuse of build configurations from project to project ... .
Cocoapods is pretty much tied to Xcode, since it generates Xcode project files. The problem with Xcode is that it works best when it's building the app, not some external build system. I suppose it's possible to make a Gradle plugin that uses Cocoapods repositories with Gradle's Objective-C support, but I haven't seen anything like that.

Upgrading from Grails 1.0.3 to 1.3.5

I've just inherited an application written in Grails (version 1.0.3) and would like to upgrade it to the newest release (version 1.3.5).
I can't seem to find a reference that enumerates the differences between the two versions. I know there is the "grails upgrade" command - but is this the best option given the large differences in versions.
I have a similar question that I asked today as well for upgrading the version of Groovy, and the syntactical differences to be aware of (between version 1.3.5 and 1.7.5) - but I thought it may be best to separate the two questions to focus on each.
Many thanks,
~Aki
Things have changed quite a bit since 1.0.3, and unfortunately grails upgrade isn't going to do much for you.
Two significant changes that come to mind are that there was a bug in 1.0.3 and previous where 1-many and many-to-many collections (hasMany/belongsTo) were supposed to be lazy-loaded but weren't. This was fixed in 1.0.4 and several users found that they were relying on the behavior and saw issues. Most people didn't, and just saw a significant performance boost. So watch out for lazy loading exceptions.
Another thing that changed is that plugins are no longer in the root of the project in the 'plugins' folder but are now stored under your $HOME/.grails folder. If you've checked the plugins into source control (and especially if you've made any changes) then you can revert to 1.0.x behavior by adding a property to BuildConfig.groovy (a new file that was introduced in 1.1):
grails.project.plugins.dir = 'plugins'
I described my process for upgrading plugins and apps here: How to install Grails plugin from source code? - it's about a plugin project but the same goes for app upgrades.
The log4j configuration changed from one that's properties-based to a DSL. This means that if you keep your config settings from Config.groovy the log4j behavior will be the default, so you'll need to convert that.
Another change that isn't required but should be considered is that Ivy jar file resolution from Maven repos is now preferred over putting jar files in the lib directory. You can still put them in the lib dir, but it's more DRY to have Ivy download them once.
You'll probably also find that some of the plugins you have don't work in 1.3, so there might be some migration work there.
There are two recent books that cover Grails 1.2/1.3, "Grails: A Quick-Start Guide": http://www.amazon.com/dp/1934356468/ and "Getting Started with Grails, 2nd ed": http://www.infoq.com/minibooks/grails-getting-started - you should probably check those out since they're the most current Grails books.
Overall it shouldn't be that bad, as long as you don't try to upgrade in-place. Use the approach I described in the other post I referenced, i.e. create empty apps and diff files to see what changed (basically a 3-way diff).
The newest release is 1.3.6 (as of Dec 15). You can get a list of changes from the Release Notes of each release. Also, the upgrading from previous versions link in the documentation is a good source of changes.