...
JavaScript
Supply Chain attack. Hibernate and JBOSS worry me
Dependency on a 8 year old and 3 major versions out of date parser (ANTLR)
Recent, required jars are unsigned.
Do we shake their tree or suck it up? If the latter can someone sign these jars and pop the asc files into our repository)
NOTE that this trick only works for as long as build.shibboleth.net remains definitive for our builds. If we move to a site we don’t own we are back being open to attack at any time. (Modulo hard wired overrides for insecure jars)
Wiki Conversion as a background activity.
Scott
Jira Legacy server System JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key GEN-268https://shibboleth.atlassian.net/browse/GEN-268Will shut off Jira and downsize the server after Sep 1.
Will archive all the Apache configs and remove the old rules, may turn off the SP, EDS, etc.
SP metadata is in InCommon, managed by OSU, will remove after that date.
...