Versions Compared

Old Version 16

changes.mady.by.user Tom Zeller

Saved on

compared with

New Version 17

changes.mady.by.user Philip Smart

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Nothing really (holidays)

  • Started back on

    Jira Legacy
    serverSystem JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJCOMOIDC-23
    https://shibboleth.atlassian.net/browse/JCOMOIDC-23 yesterday.

  • Realised I was not on the Users mailing list, and a few questions had gone by about the DuoOIDC plugin. Not sure I can respond retrospectively. I could add some input to two of them via a new mail to the list?

Rod

  • JavaScript

  • Supply Chain attack. Hibernate and JBOSS worry me

    • Dependency on a 8 year old and 3 major versions out of date parser (ANTLR)

    • Recent, required jars are unsigned.

    • Do we shake their tree or suck it up? If the latter can someone sign these jars and pop the asc files into our repository)

      • NOTE that this trick only works for as long as build.shibboleth.net remains definitive for our builds. If we move to a site we don’t own we are back being open to attack at any time. (Modulo hard wired overrides for insecure jars)

  • Wiki Conversion as a background activity.

...