Closed mw866 closed 3 years ago
Thanks for this issue. Could you create a push request?
@aramrami I've upgraded the Project Language Level to Java 1.8 in my pull requests. https://github.com/aramrami/OWASP-CSRFGuard/pull/129/
May we need to create a new branch and assign a new version number ? What do you think ?
Azzeddine
Le mar. 4 août 2020 à 20:31, forgedhallpass notifications@github.com a écrit :
@aramrami https://github.com/aramrami I've upgraded the Project Language Level to Java 1.8 in my pull requests. aramrami/OWASP-CSRFGuard#129 https://github.com/aramrami/OWASP-CSRFGuard/pull/129
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/OWASP/www-project-csrfguard/issues/7#issuecomment-668783712, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABXCEE3BVNAEUK6MEMDFDLR7BO2XANCNFSM4NEW3EGA .
This depends on the branching strategy you want on the project. You can create a new branch, which will be later on merged to the master, or you can create a release branch or tag the latest stable version and then we could use the master as the development branch. Working with a feature branch could lead to merging issues if others will work in a parallel branch as I've done quite a lot of refactoring in the project. I am working to fix some other issues I've identified and would like to create at least a minor release before the end of this month as I would like to use the new code base in some of my projects.
Please let me know what have you decided, so that I can continue pushing my changes in one way or another.
I prefer to create a new branch for Java 8 because the project is used worldwide with Java 6 and 7. Could you help with that ? Azzeddine
Le mer. 5 août 2020 à 08:40, forgedhallpass notifications@github.com a écrit :
This depends on the branching strategy you want on the project. You can create a new branch, which will be later on merged to the master, or you can create a release branch or tag the latest stable version and then we could use the master as the development branch. Working with a feature branch could lead to merging issues if others will work in a parallel branch as I've did quite a lot of refactoring in the project. I am working to fix some other issues I've identified and would like to create at least a minor release before the end of this month as I would like to use the new code base in some of my projects.
Please let me know what have you decided, so that I can continue pushing my changes in a way or another.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/OWASP/www-project-csrfguard/issues/7#issuecomment-669035878, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABXCEHGDSYXNB3KG5LEAC3R7EEIDANCNFSM4NEW3EGA .
Azzedine Ramrami
OWASP Morocco Chapter
OWASP AppSec Africa President
IBM Security - Senior Security & Network Architect Data & Application Security, Cogntive Security, IoT/OT/ICS/SCADA Security & SIEM Certified Mile2 CPTE/CPTC/CDFE/CSWAE and EC-Council C|EH OWASP Morocco Leader/OWASP AppSec Africa President IBM Security Global Speaker
OWASP RAF Project Leader
OWASP CSRFGuard Project Leader
*Consider giving back, and supporting the open source community by becoming a *member https://www.owasp.org/index.php/Membership or making a donation https://www.owasp.org/index.php/Donate today!
Join us at AppSec https://2018.appsecmorocco.org/ https://2018.appsecmorocco.org/Morocco https://2018.appsecmorocco.org/
Phone: +33 1 58 75 18 17 | Mobile: +33 6 65 48 90 04 / +33 6 10 25 93 15 E-mail: azzedine.ramrami@fr.ibm.com azzeddine.ramrami@gmail.com Skype: azzeddine.ramrami
Java 6 and 7 has already reached their end of life. I don't think we should try to maintain backwards compatibility indefinitely. In my opinion the new releases should go forward by supporting newer technologies. Users can merge the fixes back to the latest version that supports java 6, if they feel like to, or can remain on the last stable version.
Maintaining multiple versions in parallel is costly, and considering that there aren't too many contributors, I'd say there isn't capacity to do so either.
Could you help with that ?
I do not have the rights to create new branches. You have also told me previously to work on your repository instead, so I've created my pull requests there, but they should be be approved.
Hi, I can give the right if you want to help and join us for the version 4.0. What is the GitHub account ?
Azzeddine
Le mer. 5 août 2020 à 12:00, forgedhallpass notifications@github.com a écrit :
Java 6 and 7 has already reached their end of life. I don't think we should try to maintain backwards compatibility indefinitely. In my opinion the new releases should go forward by supporting newer technologies. Users can merge the fixes back to the latest version that supports java 6, if they feel like to, or can remain on the last stable version.
Maintaining multiple versions in parallel is costly, and considering that there aren't too many contributors, I'd say there isn't capacity to do so either.
Could you help with that ?
I do not have the rights to create new branches. You have also told me previously to work on your repository instead, so I've created my pull requests there, but they should be be approved.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/OWASP/www-project-csrfguard/issues/7#issuecomment-669127908, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABXCEGRLYLUZ3573VGDCNTR7E3TPANCNFSM4NEW3EGA .
Azzedine Ramrami
OWASP Morocco Chapter
OWASP AppSec Africa President
IBM Security - Senior Security & Network Architect Data & Application Security, Cogntive Security, IoT/OT/ICS/SCADA Security & SIEM Certified Mile2 CPTE/CPTC/CDFE/CSWAE and EC-Council C|EH OWASP Morocco Leader/OWASP AppSec Africa President IBM Security Global Speaker
OWASP RAF Project Leader
OWASP CSRFGuard Project Leader
*Consider giving back, and supporting the open source community by becoming a *member https://www.owasp.org/index.php/Membership or making a donation https://www.owasp.org/index.php/Donate today!
Join us at AppSec https://2018.appsecmorocco.org/ https://2018.appsecmorocco.org/Morocco https://2018.appsecmorocco.org/
Phone: +33 1 58 75 18 17 | Mobile: +33 6 65 48 90 04 / +33 6 10 25 93 15 E-mail: azzedine.ramrami@fr.ibm.com azzeddine.ramrami@gmail.com Skype: azzeddine.ramrami
"forgedhallpass" is my GitHub account user name.
The source and target java versions within the new code-base was upgraded to 1.8. This should solve your issue.
For maintaining compatibility with legacy applications the old 3.x version has been moved to a separate branch, but probably no active development will be done on it.
Two errors when running
mvn clean install
and the solutionsError 1: JDK 6 not supported Error message:
Solution: Use older JDK versions by setting
JAVA_HOME
environment variable.Error 2: TLS version Error message:
Solution: Set TLS version to TLSv1.2
Explanation: https://stackoverflow.com/questions/16541627/javax-net-ssl-sslexception-received-fatal-alert-protocol-version