Formsflow.ai is using Camunda, which is a java based application. So will formsflow.ai be affected by the latest log4shell vulnerability which is a very high risk vulnerability with CVE-2021-44228.
No, formsflow.ai is not using log4j-core in the dependency stack. It uses only the following dependencies
BOOT-INF/lib/log4j-to-slf4j-2.13.3.jar
BOOT-INF/lib/log4j-api-2.13.3.jar
Related
Scout is an exploratory testing tool that interacts with Tableau's Server or Desktop product in order to capture performance metrics for specific User actions across a set of workbooks.
Scout was updated to v1.5 on December 3rd, 2021, just before the log4j vulnerability. We have been unable to use Scout due to the vulnerability and are looking for options to get Scout running again.
Scout Getting Started page:
https://community.tableau.com/s/question/0D54T00000G54CPSAZ/getting-started-scout
You need to upgrade to the latest Patch version of Tableau Server for any major version (which includes the logj4 update), they have resolved all vulnerabilities related to log4J.
Tableau Scout has been updated to 1.6, which includes fixing the log4j vulnerability.
I don't understand what does codemagic team mean on this screenshot. Why should I add 100 to build number? Or this is just an example? And when should I update 1.0.0 to 1.0.1 or 1.1.0 to 1.2.0?
It's just an example demonstration how to add greater numbers. Often necessary when you have already built many times locally and are switching to automatic - otherwise your publishing will fail. If you do not have any releases yet, then just using $BUILD_NUMBER is sufficient.
I think updating the build version is up to the developer though - and there are no strict rules how to do it - just move upwards with it.
https://rollout.io/blog/best-practices-when-versioning-a-release/
I'm looking at implementing a plugin architecture where I will have end users write plugins that I will execute in the application I'm developing (.net-core 2.0 console application). I load the plugins dynamically at runtime and they implement a plugin interface in a shared assembly. I do want to limit the actions that the user can perform from the plugin and therefore I provide the plugin with an API object. Is there a way to limit the plugin so that it only can use that API? In .NET 4.x I could do this with AppDomains and Code Access Security but haven't found a way to do the same in dotnet core yet. Any ideas how to solve this?
I had written a library and published it as a jar. Other applications used my library and everything was great.
Now the other application upgraded their dependencies. and now when they run. the application crashes when it calls my library. It seems that the application now depends on netty 4.1.8 whereas my library depended on a third party library which used an older version. Now when building the other application, sbt evicts my netty version with the newer one. The newer netty version does not have the method on which my code depends upon.
Thus the exception
org.jboss.netty.handler.codec.http.HttpRequest.setHeader(Ljava/lang/String;Ljava/lang/Object;)V"
com.ning.http.client.providers.netty.NettyAsyncHttpProvider.construct(NettyAsyncHttpProvider.java:693)
com.ning.http.client.providers.netty.NettyAsyncHttpProvider.buildRequest(NettyAsyncHttpProvider.java:650)
com.ning.http.client.providers.netty.NettyConnectListener$Builder.build(NettyConnectListener.java:144)
com.ning.http.client.providers.netty.NettyAsyncHttpProvider.doConnect(NettyAsyncHttpProvider.java:1070)
com.ning.http.client.providers.netty.NettyAsyncHttpProvider.execute(NettyAsyncHttpProvider.java:935)
com.ning.http.client.AsyncHttpClient.executeRequest(AsyncHttpClient.java:499)
dispatch.HttpExecutor$class.apply(execution.scala:47)
dispatch.Http.apply(execution.scala:12)
dispatch.HttpExecutor$class.apply(execution.scala:42)
dispatch.Http.apply(execution.scala:12)
scalaxb.DispatchHttpClients$DispatchHttpClient$class.request(httpclients_dispatch.scala:21)
scalaxb.DispatchHttpClients$$anon$1.request(httpclients_dispatch.scala:6)
scalaxb.SoapClients$SoapClient$class.soapRequest(soap12.scala:41)
scalaxb.SoapClients$$anon$1.soapRequest(soap12.scala:23) scalaxb.SoapClients$SoapClient$class.requestResponse(soap12.scala:60)
scalaxb.SoapClients$$anon$1.requestResponse(soap12.scala:23)
I am already using the latest version of the 3rd party library (scalaxb) which depends on old netty.
This is really killing because my library is holding back the entire upgrade process of the application.
There isn't much you can do about this, aside from telling that application's maintainers that using your library requires that specific version of netty, and is not compatible with newer versions. They have to either downgrade back or replace you library with something else.
Where can I find information about upgrading Magento Enterprise 1.7. to the latest 1.9. ?
There's no such documentation.
Your general approach:
1. Close production server
2. Backup all DBs and Magento installation
3. Turn off all your custom extensions and themes
4. Delete from HDD: core Magento modules, their layouts, all standard themes and cache.
5. Get 1.9 EE, copy it over your installation
6. Request Magento through http
7. Walk at your site, notice errors and warnings, fix them
8. Check documentation and update for your theme, whether it supports EE 1.9. Turn it on if it supports, otherwise you'll need another theme.
9. Check documentation and updates for all your custom extensions - whether they support 1.9. Turn them on - one by one.
You won't have any problem with upgrading all core DB data - it's made automatically.
You'll have problems with your custom theme, as you'll need new version with support for 1.9. And you'll need to check your custom extensions and upgrade their source and DB data to fit 1.9.
Generally all Magento upgrades work by running the updated code with the old database. The differences will be detected and incorporated automatically on the next page request. Magento keeps track of every module's version number for this reason.
Because there is a chance some modification will break it is best to do this on a new (temporary) site then add the modifications back in gradually. That way the old site is still active and uninterrupted.
I think there is no official documentation. The best way is to figure out what core functionality is used in your customizations and after that look at theirs realization in new version: does it changed or not.
To know what was changed in new version you could check changeslist