Uploaded image for project: 'Red Hat CodeReady Studio (devstudio)'
  1. Red Hat CodeReady Studio (devstudio)
  2. JBDS-3570

Include eap-6.4-CVE-2015-7501 into JBDS installer

    XMLWordPrintable

    Details

    • Affects:
      Release Notes
    • Docs QE Status:
      NEW

      Description

      During the whole thing about JBDS-3560, JBDS-3561 and JBDS-3562, Nick changed JBDS 9.1.0 to use the internal build of EAP 6.4.5 in the build process:
      4.3.x branch:
      https://github.com/jbdevstudio/jbdevstudio-product/commit/c8aea70202616dfd168e317510fc861bdc02ec82

      And in master:
      https://github.com/jbdevstudio/jbdevstudio-product/commit/6792edbfefcf54d4329519d21f8c29566d720b6e

      I understand that some of the above mentioned JIRAs are not resolved yet, but I wanted to be sure to track this - we need to make sure not to bundle this build of EAP, because it's an internal build not supposed to be public. (Yes, the original assumption was that perhaps this time there would be an exception, but it turned out not to be the case.)

      For JBDS 9.1.0.Beta1 I suggest we include the same patched EAP as discussed in JBDS-3562 . But it's kind of tricky how to make it obvious to users - I'm not sure if we want to include the CVE in the filename again.

      But in any case, we can never include EAP 6.4.5 full build.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              nickboldt Nick Boldt
              Reporter:
              mmalina Martin Malina
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: