Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • JavaScript

  • Supply Chain attack. Hibernate and JBOSS worry me

    • Dependency on a 8 year old and 3 major versions out of date parser (ANTLR)

    • Recent, required jars are unsigned.

    • Do we shake their tree or suck it up? If the latter can someone sign these jars and pop the asc files into our repository)

      • NOTE that this trick only works for as long as build.shibboleth.net remains definitive for our builds. If we move to a site we don’t own we are back being open to attack at any time. (Modulo hard wired overrides for insecure jars)

  • Wiki Conversion as a background activity.

Scott

  • Jira LegacyserverSystem JIRAcolumnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolutionserverIdf52c7d31-6eab-3f0e-93c3-231b5754d506keyGEN-268https://shibboleth.atlassian.net/browse/GEN-268

    • /wiki/spaces/DEV/pages/2765979673

    • Will shut off Jira and downsize the server after Sep 1.

    • Will archive all the Apache configs and remove the old rules, may turn off the SP, EDS, etc.

    • SP metadata is in InCommon, managed by OSU, will remove after that date.

...