PSI Probe 3.0.0.M3 released requiring jdk7
Jeremy Landis
3.0.0 Milestone 3 has been released (find it here)
- Support for compressed log download
- Cookie tracking set to cookie to prevent Session ID in URL
- Add system trust store support
- Add trust store and keystore support on tomcat connectors
- Now requires jdk 7
- Many underlying libraries updated to current
- Prototype updated to latest
- All the java 7 goodness updated throughout
- Internal logging fully using slf4j/logback
- Both slf4j and logback project home pages now list psi probe in response to using the frameworks for internal logging
- Many other internal enhancements
Have pressing issues you want addressed in 3.0.0, please provide feedback
here, open an issue, add to existing issues, or file Pull Requests.
Pull Requests are most welcome as this is entirely a volunteer effort.
Upcoming changes planned (in no particular order)
- Fixing known defect with graphs
- Resolving majority of sonar related issues
- More spring annotations to reduce xml usage
- Full log support
- Availability on maven central - snapshots available now with auto feeds to come
- Reducing current issues on github
- Restful API support
Many thanks goes out to all those involved in making milestone 3 especially work from diogosantana.
As
always, keep any pull requests short in scope in order to allow us
easier time to review. The better this is adheared to, the faster
changes will make it into the mainline.
Thanks,
PSI Probe Team
Reminder
Snapshots are now being made available via maven central and can be found here.
https://oss.sonatype.org/content/repositories/snapshots/com/github/psi-probe/psi-probe-web/3.0.0-SNAPSHOT/
These
snapshots are using more maven styled naming thus will differ from
typical probe.war. To retain original usage, just rename it to
probe.war. We will work to adjust the name to conform to original
naming standards as we venture into maven central.
This builds on Milestone 1 that included.
- 100% vulnerability free release. This
means for those using tools that scan NVD database, it's now clean for
the first time in a very long time. It will pass OWASP dependency
check, victimsDB, and Blackduck vulnerability scans. Product has been
scanned by all three and marked clear at this time.
- Core based on tomcat 7
- Now using Spring 4
- Now using spring security 3
- Fully java 6 compliant
- Dropped support for tomcat 6 and lower
- Now knows about pivotal tc
- Oracle drivers now tested up to 11g
- Tomcat tested at 7.0.67, 8.0.30, 9.0.0.M1
- Datasource issues in tomcat 8 resolved
- All underlying libraries are now latest releases available
- Code is brought up to java 6 standards
- Server uptime now provided by jmx
- Too many to count coding issues resolved
- Significant increase in project code coverage from 5 to 25%
This builds on Milestone 2 that included.
- Internal logging using logback
- Support logback SIFT appender on newer revisions
- Spring security 4
- Uses secure cookie and adheres to 15 minute timeout
- Removed legacy jmx libraries as they are part of jvm since 5.0
- Drop tomcat 7.0.15 and earlier specific support as it is vulnerable software
- Fixed start/stop issues in tomcat 8
Known issues.
- Some of the graphs are not displaying properly.
This was introduced sometime around July 2015. I don't know if this
affected 2.4.0 release as I ran newer versions personally between then and
earlier this month. It wasn't otherwise reported and I haven't taken
time to determine the issue. While it's a cool feature, I felt it was
not that overly important and in fact have been running a side version
of 3.0.0 in production since November of 2015 regardless. If you run
across this issue and feel it's importance is really up there, please
file a ticket and if possible a PR fixing the issue. To confirm, verify
the released version of 2.4 doesn't have issue then start around
7/19/15 to determine where it broke. Any help would be greatly
appreciated.