From: Damien R. <dr...@ma...> - 2014-03-03 09:46:11
Hi team,

Last Friday, an SQL injection security issue [1] was discovered by Jakub Galczyk [2]. I quickly identified the root cause and patched it, and Jakub confirmed the fix resolves the issue.

CVE-2014-2238 was assigned to it [3].

Considering this as well as the regression issue that was discovered after 1.2.16 go live [4], I suggest we release 1.2.17 this week unless there are any objections.

I sent a note to Siebrand asking him to push the translations, and will cut the release after he does; Victor, would you be available to publish this week ?

Damien

[1] http://www.mantisbt.org/bugs/view.php?id=17055
[2] HauntIT blog http://hauntit.blogspot.com/
[3] http://thread.gmane.org/gmane.comp.security.oss.general/12241/focus=12247
[4] http://www.mantisbt.org/bugs/view.php?id=16940
    http://thread.gmane.org/gmane.comp.bug-tracking.mantis.devel/4795/focus=5009
From: Siebrand M. <s.m...@xs...> - 2014-03-03 09:49:46
On Mon, March 3, 2014 10:45, Damien Regad wrote:
> I sent a note to Siebrand asking him to push the translations, and will
> cut the release after he does;

Done.

Cheers!
Siebrand
From: Roland B. <ro...@at...> - 2014-03-03 10:46:37
No objections

> Damien Regad <dr...@ma...> wrote on 3 March 2014 at 10:45:
>
> Hi team,
>
> Last Friday, an SQL injection security issue [1] was discovered by Jakub
> Galczyk [2]. I quickly identified the root cause and patched it, and
> Jakub confirmed the fix resolves the issue.
>
> CVE-2014-2238 was assigned to it [3].
>
> Considering this as well as the regression issue that was discovered
> after 1.2.16 go live [4], I suggest we release 1.2.17 this week unless
> there are any objections.
>
> I sent a note to Siebrand asking him to push the translations, and will
> cut the release after he does; Victor, would you be available to publish
> this week ?
>
> Damien
>
> [1] http://www.mantisbt.org/bugs/view.php?id=17055
> [2] HauntIT blog http://hauntit.blogspot.com/
> [3] http://thread.gmane.org/gmane.comp.security.oss.general/12241/focus=12247
> [4] http://www.mantisbt.org/bugs/view.php?id=16940
>     http://thread.gmane.org/gmane.comp.bug-tracking.mantis.devel/4795/focus=5009
From: Victor B. <vb...@gm...> - 2014-03-03 14:16:13
Sounds good. Are we targeting this coming weekend?

On Mar 3, 2014 2:47 AM, "Roland Becker" <ro...@at...> wrote:
> No objections
>
> > Damien Regad <dr...@ma...> wrote on 3 March 2014 at 10:45:
> >
> > Hi team,
> >
> > Last Friday, an SQL injection security issue [1] was discovered by Jakub
> > Galczyk [2]. I quickly identified the root cause and patched it, and
> > Jakub confirmed the fix resolves the issue.
> >
> > CVE-2014-2238 was assigned to it [3].
> >
> > Considering this as well as the regression issue that was discovered
> > after 1.2.16 go live [4], I suggest we release 1.2.17 this week unless
> > there are any objections.
> >
> > I sent a note to Siebrand asking him to push the translations, and will
> > cut the release after he does; Victor, would you be available to publish
> > this week ?
> >
> > Damien
> >
> > [1] http://www.mantisbt.org/bugs/view.php?id=17055
> > [2] HauntIT blog http://hauntit.blogspot.com/
> > [3] http://thread.gmane.org/gmane.comp.security.oss.general/12241/focus=12247
> > [4] http://www.mantisbt.org/bugs/view.php?id=16940
> >     http://thread.gmane.org/gmane.comp.bug-tracking.mantis.devel/4795/focus=5009
From: Damien R. <dr...@ma...> - 2014-03-03 14:37:51
On Monday 3 March 2014 15:16:05, Victor Boctor wrote:
> Sounds good. Are we targeting this coming weekend?

I personally see no reason to delay it until end of week, unless there is some other fix that urgently needs to go in.

As Siebrand has already checked in the updated translations earlier today, I can cut the release as soon as I get a green light; I have some time later this afternoon/tonight, tomorrow evening or Wednesday.

So the only limiting factor would be your availability to manage the sourceforge publication, blog & mailing list announcements.

D
From: Victor B. <vb...@gm...> - 2014-03-03 16:21:12
No worries, let me know once you are ready.

On Mar 3, 2014 6:38 AM, "Damien Regad" <dr...@ma...> wrote:
> On Monday 3 March 2014 15:16:05, Victor Boctor wrote:
> > Sounds good. Are we targeting this coming weekend?
>
> I personally see no reason to delay it until end of week, unless there
> is some other fix that urgently needs to go in.
>
> As Siebrand has already checked in the updated translations earlier
> today, I can cut the release as soon as I get a green light; I have some
> time later this afternoon/tonight, tomorrow evening or Wednesday.
>
> So the only limiting factor would be your availability to manage the
> sourceforge publication, blog & mailing list announcements.
>
> D
From: Paul R. <pa...@ma...> - 2014-03-03 16:33:31
The 1.2.16 release on https://github.com/mantisbt/mantisbt/releases is corrupt - can someone fix the link?

Paul

On Mon, Mar 3, 2014 at 4:21 PM, Victor Boctor <vb...@gm...> wrote:
> No worries, let me know once you are ready.
>
> On Mar 3, 2014 6:38 AM, "Damien Regad" <dr...@ma...> wrote:
>> On Monday 3 March 2014 15:16:05, Victor Boctor wrote:
>> > Sounds good. Are we targeting this coming weekend?
>>
>> I personally see no reason to delay it until end of week, unless there
>> is some other fix that urgently needs to go in.
>>
>> As Siebrand has already checked in the updated translations earlier
>> today, I can cut the release as soon as I get a green light; I have some
>> time later this afternoon/tonight, tomorrow evening or Wednesday.
>>
>> So the only limiting factor would be your availability to manage the
>> sourceforge publication, blog & mailing list announcements.
>>
>> D
From: Damien R. <dr...@ma...> - 2014-03-03 17:21:57
On 03.03.2014 17:25, Paul Richards wrote:
> The 1.2.16 release on https://github.com/mantisbt/mantisbt/releases is
> corrupt - can someone fix the link?

Paul,

As you know you can't use tarballs from github due to the fact that git-archive does not support submodules. The official place to download the software is Sourceforge.

Damien
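The git-archive limitation mentioned in the message above can be checked mechanically before a tarball is published or consumed. This is an added example, not code from the MantisBT project: it reads `.gitmodules` from a tarball and reports declared submodule paths that contain no files. The sample archives, the `library/example-lib` path and all function names are constructed for illustration.

```python
import io
import re
import tarfile

# Matches "path = <dir>" lines inside .gitmodules sections.
_PATH_RE = re.compile(r"^\s*path\s*=\s*(.+?)\s*$", re.MULTILINE)


def submodule_paths(gitmodules_text):
    """Return the working-tree paths declared in a .gitmodules file."""
    return [p.strip("/") for p in _PATH_RE.findall(gitmodules_text)]


def missing_submodules(tar_bytes):
    """List declared submodule paths that have no regular file under them.

    git archive does not include submodule contents (the path is at most an
    empty directory), so any hit here means the tarball is incomplete.
    """
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        members = tar.getmembers()
        # Generated tarballs usually wrap everything in one top-level
        # directory, so accept .gitmodules at depth 0 or 1.
        gm = next((m for m in members
                   if m.isfile() and m.name.split("/")[-1] == ".gitmodules"
                   and m.name.count("/") <= 1), None)
        if gm is None:
            return []  # no submodules declared, nothing to verify
        prefix = gm.name[: -len(".gitmodules")]
        text = tar.extractfile(gm).read().decode("utf-8", "replace")
        files = [m.name for m in members if m.isfile()]
    return [p for p in submodule_paths(text)
            if not any(f.startswith(prefix + p + "/") for f in files)]


def _make_tar(entries):
    """Build an in-memory tar from {name: bytes or None}; None = directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            if data is None:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed samples: an archive-style tarball versus one built from a
# full checkout. All names below are illustrative, not MantisBT paths.
GITMODULES = (b'[submodule "example-lib"]\n\tpath = library/example-lib\n'
              b'\turl = https://example.invalid/example-lib.git\n')
ARCHIVE_ONLY = _make_tar({
    "proj-1.0/.gitmodules": GITMODULES,
    "proj-1.0/core.php": b"<?php\n",
    "proj-1.0/library/example-lib": None,  # empty placeholder directory
})
FULL_RELEASE = _make_tar({
    "proj-1.0/.gitmodules": GITMODULES,
    "proj-1.0/core.php": b"<?php\n",
    "proj-1.0/library/example-lib/lib.php": b"<?php\n",
})

if __name__ == "__main__":
    print("archive-only:", missing_submodules(ARCHIVE_ONLY))
    print("full release:", missing_submodules(FULL_RELEASE))
```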
From: Paul R. <pa...@ma...> - 2014-03-03 17:34:09
The 1.2.17 release on https://github.com/mantisbt/mantisbt/releases is also corrupt

Paul

On Mon, Mar 3, 2014 at 5:21 PM, Damien Regad <dr...@ma...> wrote:
> On 03.03.2014 17:25, Paul Richards wrote:
> > The 1.2.16 release on https://github.com/mantisbt/mantisbt/releases is
> > corrupt - can someone fix the link?
>
> Paul,
>
> As you know you can't use tarballs from github due to the fact that
> git-archive does not support submodules. The official place to download
> the software is Sourceforge.
>
> Damien
From: Paul R. <pa...@ma...> - 2014-03-03 17:44:05
On Mon, Mar 3, 2014 at 5:21 PM, Damien Regad <dr...@ma...> wrote:
> On 03.03.2014 17:25, Paul Richards wrote:
> > The 1.2.16 release on https://github.com/mantisbt/mantisbt/releases is
> > corrupt - can someone fix the link?
>
> Paul,
>
> As you know you can't use tarballs from github due to the fact that
> git-archive does not support submodules. The official place to download
> the software is Sourceforge.
>
> Damien

Then we should remove the link for now

Paul
From: Damien R. <dr...@ma...> - 2014-03-03 19:41:25
On 03.03.2014 18:43, Paul Richards wrote:
> Then we should remove the link for now

I would but Github does not allow to configure this.
From: Damien R. <dr...@ma...> - 2014-03-03 23:20:12
On 2014-03-03 17:21, Victor Boctor wrote:
> No worries, let me know once you are ready.

Hi Victor,

The release is ready to go

- tarballs as usual in /srv/release-files
- tracker and web site updated
- release notes in https://github.com/mantisbt/mantisbt/blob/master-1.2.x/doc/RELEASE

D
From: Victor B. <vb...@gm...> - 2014-03-04 06:02:08
Done. Published on SF an updated blog, announce mailing list and twitter.

On Mon, Mar 3, 2014 at 3:16 PM, Damien Regad <dr...@ma...> wrote:
> On 2014-03-03 17:21, Victor Boctor wrote:
> > No worries, let me know once you are ready.
>
> Hi Victor,
>
> The release is ready to go
>
> - tarballs as usual in /srv/release-files
> - tracker and web site updated
> - release notes in
>   https://github.com/mantisbt/mantisbt/blob/master-1.2.x/doc/RELEASE
>
> D
From: Damien R. <dr...@ma...> - 2014-03-04 07:50:15
On 04.03.2014 07:02, Victor Boctor wrote:
> Done. Published on SF an updated blog, announce mailing list and twitter.

Thanks Victor.

Just a comment - I would suggest to update the "official site" download link on the blog (and possibly also the one on mantisbt.org), because at the moment it requires too many clicks and page loads to reach the actual download:

1. Blog
2. mantisbt.org home
3. mantisbt.org downloads
4. sourceforge mantis stable
5. sourceforge 1.2.17 folder
6. file download

I think we should go straight from 1 (and also 2 and 3) to 5

D
From: Victor B. <vb...@gm...> - 2014-03-04 15:19:32
I've updated the blog to point directly to the MantisBT downloads page.

We can also change the downloads page to point directly to sourceforge 1.2.17 folder. I think it is a good idea for all downloads to flow through the site download page rather than directly to sourceforge. This will make it easy for us to move to other downloads options (e.g. host the release files on our server or a service like S3 / CloudFront).

Once we reference the 1.2.17 folder directly, we should make sure to update the website only once sourceforge is updated.

On Mon, Mar 3, 2014 at 11:49 PM, Damien Regad <dr...@ma...> wrote:
> On 04.03.2014 07:02, Victor Boctor wrote:
> > Done. Published on SF an updated blog, announce mailing list and twitter.
>
> Thanks Victor.
>
> Just a comment - I would suggest to update the "official site" download
> link on the blog (and possibly also the one on mantisbt.org), because at
> the moment it requires too many clicks and page loads to reach the
> actual download:
>
> 1. Blog
> 2. mantisbt.org home
> 3. mantisbt.org downloads
> 4. sourceforge mantis stable
> 5. sourceforge 1.2.17 folder
> 6. file download
>
> I think we should go straight from 1 (and also 2 and 3) to 5
>
> D
From: Damien R. <dr...@ma...> - 2014-03-03 19:39:15
On 03.03.2014 17:21, Victor Boctor wrote:
> No worries, let me know once you are ready.

Hi Victor,

Release is ready to go

- tarballs as usual in /srv/release-files
- tracker and web site updated
- release notes in https://github.com/mantisbt/mantisbt/blob/master-1.2.x/doc/RELEASE

D
From: Damien R. <dr...@ma...> - 2014-03-04 17:26:48
On 2014-03-04 16:19, Victor Boctor wrote:
> I've updated the blog to point directly to the MantisBT downloads page.

Cheers

> We can also change the downloads page to point directly to sourceforge
> 1.2.17 folder. I think it is a good idea for all downloads to flow
> through the site download page rather than directly to sourceforge.
> This will make it easy for us to move to other downloads options
> (e.g. host the release files on our server or a service like S3 /
> CloudFront).

I am not really sure why we would want to do that, what would be the benefits of switching services ? I think sourceforge is quite good for our purposes. Anyway, if you want to keep it transiting through mantisbt.org at the expense of more clicks for users, fine by me.

> Once we reference the 1.2.17 folder directly, we should make sure to
> update the website only once sourceforge is updated.

Not really a blocking point actually, Sourceforge just redirects invalid URLs with a popup message mentioning the file was not found e.g. :

https://sourceforge.net/projects/mantisbt/files/mantis-stable/1.2.99/
goes to
https://sourceforge.net/projects/mantisbt/files/

But you're right, it would be best to do things in sequence (sf upload then mantisbt.org update) - which just means more work for you - unless you grant me release technician rights. Your call.

D
From: Victor B. <vb...@gm...> - 2014-03-04 18:55:34
I'll fix the access rights.

On Tue, Mar 4, 2014 at 9:26 AM, Damien Regad <dr...@ma...> wrote:
> On 2014-03-04 16:19, Victor Boctor wrote:
> > I've updated the blog to point directly to the MantisBT downloads page.
>
> Cheers
>
> > We can also change the downloads page to point directly to sourceforge
> > 1.2.17 folder. I think it is a good idea for all downloads to flow
> > through the site download page rather than directly to sourceforge.
> > This will make it easy for us to move to other downloads options
> > (e.g. host the release files on our server or a service like S3 /
> > CloudFront).
>
> I am not really sure why we would want to do that, what would be the
> benefits of switching services ? I think sourceforge is quite good for
> our purposes. Anyway, if you want to keep it transiting through
> mantisbt.org at the expense of more clicks for users, fine by me.
>
> > Once we reference the 1.2.17 folder directly, we should make sure to
> > update the website only once sourceforge is updated.
>
> Not really a blocking point actually, Sourceforge just redirects invalid
> URLs with a popup message mentioning the file was not found e.g. :
>
> https://sourceforge.net/projects/mantisbt/files/mantis-stable/1.2.99/
> goes to
> https://sourceforge.net/projects/mantisbt/files/
>
> But you're right, it would be best to do things in sequence (sf upload
> then mantisbt.org update) - which just means more work for you - unless
> you grant me release technician rights. Your call.
>
> D