Versions Compared

Old Version 12

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Ian Young

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, 2020-06-19

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would will be Friday 2020-07-04. Any reason to deviate from this?17 due to the US vacation around the 4th.

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.


AGENDA

  1. CVE-2017-17485 - don't think V3 is strictly vulnerable but we need to verify - should review for any other Jackson vulns since

  2. IBM DID demo/presentation at their request at 11am EDT

Attendees:


Brent

  • Jira Legacy
    serverShibboleth JIRA
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyOSJ-304
    - Coded up most of the bits, just need to decide on the default strategy, and whether we need strategy plugability vs just on/off.

Daniel

  • Nothing for today

Henri


Ian

  • Java 15 is now in "rampdown phase one", i.e., mostly feature frozen.
    • Nashorn removal: Rod has most of this covered already, but a couple of test dependencies required:
      • Jira Legacy
        serverShibboleth JIRA
        serverId180d847f-bce4-36b2-9964-771bff586829
        keyJSE-37
      • Jira Legacy
        serverShibboleth JIRA
        serverId180d847f-bce4-36b2-9964-771bff586829
        keyOSJ-320
      • Jira Legacy
        serverShibboleth JIRA
        serverId180d847f-bce4-36b2-9964-771bff586829
        keyJOIDC-10
    • Sun EC provider partially disabled:
      • Jira Legacy
        serverShibboleth JIRA
        serverId180d847f-bce4-36b2-9964-771bff586829
        keyOSJ-319
    • Haven't tried integration tests yet.
    • Honestly, not as much as I expected (for which all credit to Rod for the work he's done already).

...

  • Renaming questionable settings - mostly done I think except docs
    • Added a new bean that can monitor an application context for bean definitions to deprecate
  • Various 4.1 features and bugs
  • Ongoing documentation fixing
  • Working on "Hello World" admin flow for out of the box testing of authentication and attribute settings, and debugging error handling
    • Enhanced conditional resource class to support alternative "default content", allowing "conditional" scriptlets
    • We could use this to scatter around ScriptedAction exits in many places if we wanted
  • Access to PrivacyIdea code from SWITCH


Tom

  • busy with other stuff
  • will swap in consent

Other