PSI-Probe 3.0.0.M1 Milestone Released
171 views
Skip to first unread message
Jeremy Landis
Jan 24, 2016, 1:26:31 AM1/24/16
to psi-probe
As we move towards psi-probe 3.0.0, a significant number of things have occurred that warrant a early release for wider testing.
Most notible changes
- 100% vulnerability free release. This means for those using tools that scan NVD database, it's now clean for the first time in a very long time. It will pass OWASP dependency check, victimsDB, and Blackduck vulnerability scans. Product has been scanned by all three and marked clear at this time.
- Core based on tomcat 7
- Now using Spring 4
- Now using spring security 3
- Fully java 6 compliant
- Dropped support for tomcat 6 and lower
- Now knows about pivotal tc
- Oracle drivers now tested up to 11g
- Tomcat tested at 7.0.67, 8.0.30, 9.0.0.M1
- Datasource issues in tomcat 8 resolved
- All underlying libraries are now latest releases available
- Code is brought up to java 6 standards
- Server uptime now provided by jmx
- Too many to count coding issues resolved
- Significant increase in project code coverage from 5 to 25%
Known issues.
- Some of the graphs are not displaying properly. This was introduced sometime around July 2015. I don't know if this affected 2.4.0 release as I ran bet versions personally between then and earlier this month. It wasn't otherwise reported and I haven't taken time to determine the issue. While it's a cool feature, I felt it was not that overly important and in fact have been running a side version of 3.0.0 in production since November of 2015 regardless. If you run across this issue and feel it's importance is really up there, please file a ticket and if possible a PR fixing the issue. To confirm, verify the released version of 2.4 doesn't have issue then start around 7/19/15 to determine where it broke. Any help would be greatly appreciated.
Milestone release can be found here.
- https://github.com/psi-probe/psi-probe/releases/tag/3.0.0.M1
Have pressing issues you want addressed in 3.0, please provide feedback here, open an issue, add to existing issues, or file Pull Requests. Pull Requests are most welcome as this is entirely a volunteer effort.
Upcoming changes planned (in no particular order)
- Moving internal logging to native logback
- Fixing known defect with graphs
- Resolving majority of sonar related issues
- Raising spring security to version 4
- Discussion on raising core requirement to java 7
- More spring annotations to reduce xml usage
- Full log support
- Availability on maven central
- Reducing current issues on github
-
As always, keep any pull requests short in scope in order to allow us easier time to review. The better this is adheared to, the faster changes will make it into the mainline.
Thanks,
PSI Probe Team
Most notible changes
- 100% vulnerability free release. This means for those using tools that scan NVD database, it's now clean for the first time in a very long time. It will pass OWASP dependency check, victimsDB, and Blackduck vulnerability scans. Product has been scanned by all three and marked clear at this time.
- Core based on tomcat 7
- Now using Spring 4
- Now using spring security 3
- Fully java 6 compliant
- Dropped support for tomcat 6 and lower
- Now knows about pivotal tc
- Oracle drivers now tested up to 11g
- Tomcat tested at 7.0.67, 8.0.30, 9.0.0.M1
- Datasource issues in tomcat 8 resolved
- All underlying libraries are now latest releases available
- Code is brought up to java 6 standards
- Server uptime now provided by jmx
- Too many to count coding issues resolved
- Significant increase in project code coverage from 5 to 25%
Known issues.
- Some of the graphs are not displaying properly. This was introduced sometime around July 2015. I don't know if this affected 2.4.0 release as I ran bet versions personally between then and earlier this month. It wasn't otherwise reported and I haven't taken time to determine the issue. While it's a cool feature, I felt it was not that overly important and in fact have been running a side version of 3.0.0 in production since November of 2015 regardless. If you run across this issue and feel it's importance is really up there, please file a ticket and if possible a PR fixing the issue. To confirm, verify the released version of 2.4 doesn't have issue then start around 7/19/15 to determine where it broke. Any help would be greatly appreciated.
Milestone release can be found here.
- https://github.com/psi-probe/psi-probe/releases/tag/3.0.0.M1
Have pressing issues you want addressed in 3.0, please provide feedback here, open an issue, add to existing issues, or file Pull Requests. Pull Requests are most welcome as this is entirely a volunteer effort.
Upcoming changes planned (in no particular order)
- Moving internal logging to native logback
- Fixing known defect with graphs
- Resolving majority of sonar related issues
- Raising spring security to version 4
- Discussion on raising core requirement to java 7
- More spring annotations to reduce xml usage
- Full log support
- Availability on maven central
- Reducing current issues on github
-
As always, keep any pull requests short in scope in order to allow us easier time to review. The better this is adheared to, the faster changes will make it into the mainline.
Thanks,
PSI Probe Team
Jeremy Landis
Feb 5, 2016, 9:51:22 PM2/5/16
to psi-probe
Snapshots are now being made available via maven central and can be found here.
https://oss.sonatype.org/content/repositories/snapshots/com/github/psi-probe/psi-probe-web/3.0.0-SNAPSHOT/
These snapshots are using more maven styled naming thus will differ from typical probe.war. To retain original usage, just rename it to probe.war. We will work to adjust the name to conform to original naming standards as we venture into maven central.
https://oss.sonatype.org/content/repositories/snapshots/com/github/psi-probe/psi-probe-web/3.0.0-SNAPSHOT/
These snapshots are using more maven styled naming thus will differ from typical probe.war. To retain original usage, just rename it to probe.war. We will work to adjust the name to conform to original naming standards as we venture into maven central.
Jeremy Landis
Feb 5, 2016, 10:04:17 PM2/5/16
to psi-probe
Current snapshot additionally includes...
- Internal logging using logback
- Support logback SIFT appender on newer revisions
- Spring security 4
- Uses secure cookie and adheres to 15 minute timeout
- Removed legacy jmx libraries as they are part of jvm since 5.0
- Drop tomcat 7.0.15 and earlier specific support as it is vulnerable software
- Fixed start/stop issues in tomcat 8
Please give this pre-release a try and provide feedback. As always pull requests are welcome.
- Internal logging using logback
- Support logback SIFT appender on newer revisions
- Spring security 4
- Uses secure cookie and adheres to 15 minute timeout
- Removed legacy jmx libraries as they are part of jvm since 5.0
- Drop tomcat 7.0.15 and earlier specific support as it is vulnerable software
- Fixed start/stop issues in tomcat 8
Please give this pre-release a try and provide feedback. As always pull requests are welcome.
Jeremy Landis
Feb 5, 2016, 11:08:53 PM2/5/16
to psi-probe
Released milestone #2 to github releases.
https://github.com/psi-probe/psi-probe/releases/tag/3.0.0.M2
https://github.com/psi-probe/psi-probe/releases/tag/3.0.0.M2
Reply all
Reply to author
Forward
0 new messages