Date   

Re: Facing problem while pushing Spring Boot app on PCF

John Liptak
 

I would also specify the java buildpack. If there is a structural problem
in your jar file, the java buildpack may not be detecting it as a Java
application and some other buildpack is attempting to package it.
Generally, spring boot applications and Java buildpacks should have a start
command.

John

On Wed, Sep 28, 2016 at 6:09 AM Daniel Mikusa <dmikusa(a)pivotal.io> wrote:

What is the system you are targeting? For example, a bosh lite install,
PCF-dev, PWS, Bluemix, other? If it's a system you deployed, which CF
Release & Diego release are you using?

Also, can you push *any* applications to it successfully? Maybe try a few
samples from here [1] and see if any of them work.

2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>**

It's this output that has me concerned. You might also want to check the
cell logs to see if there's any additional output on why the launcher is
failing or what arguments it's being given (that it clearly doesn't like).

Dan

[1] - https://github.com/cloudfoundry-samples/



On Wed, Sep 28, 2016 at 3:44 AM, Mohan V <mohan221213(a)gmail.com> wrote:

I am trying to push the simple spring boot app in pcf.
I am completely new to pcf.
I was created manifest.yml file which contain following data:-

applications:
- name: PivotalPushTest
host: PivotalPushTest
memory: 512M
instances: 1
path:
/root/Desktop/PivotalPushTest/target/PivotalPustTest-0.0.1-SNAPSHOT.jar

but when I am pushing this app via cf push command I am getting following
error:-

cf push
Using manifest file /root/Desktop/PivotalPushTest/manifest.yml

Creating app PivotalPushTest in org ORGNAME / space Java-Hadoop as
username(a)domainname.com...
OK

Using route PivotalPushTest.url.com
Binding PivotalPushTest.url.com to PivotalPushTest...
OK

Uploading PivotalPushTest...
Uploading app files from: /tmp/unzipped-app911037164
Uploading 6.1K, 16 files
Done uploading
OK

Starting app PivotalPushTest in org ORGNAME / space Java-Hadoop as
username(a)domainname.com...
Downloading python_buildpack...
Downloading php_buildpack...
Downloading java_buildpack_offline...
Downloading null_buildpack...
Downloading go_buildpack_1-6...
Downloading staticfile_buildpack...
Downloading binary_buildpack...
Downloading ruby_buildpack...
Downloading nodejs_buildpack...
Downloading go_buildpack...
Downloaded python_buildpack
Downloaded nodejs_buildpack
Downloaded binary_buildpack
Downloaded php_buildpack
Downloaded go_buildpack
Downloaded go_buildpack_1-6
Downloaded ruby_buildpack
Downloaded java_buildpack_offline
Downloaded null_buildpack
Downloaded staticfile_buildpack
Creating container
Successfully created container
Downloading app package...
Downloaded app package (6.6K)
Staging...
-----> Nothing to do.
**No start command detected; command must be provided at runtime**
Exit status 0
Staging complete
Uploading droplet, build artifacts cache...
Uploading droplet...
Uploading build artifacts cache...
Uploaded build artifacts cache (109B)
Uploaded droplet (3.7K)
Uploading complete

0 of 1 instances running, 1 crashed
FAILED
Error restarting application: Start unsuccessful

TIP: use 'cf logs PivotalPushTest --recent' for more information

In Apps Manager Logs:-
OUT Exit status 1
2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>**
2016-09-28T07:05:58.000+00:00 [CELL] OUT Exit status 2
2016-09-28T07:05:58.000+00:00 [API] OUT App instance exited with guid
637a95a7-4def-4c43-b00e-454ca6f584f8 payload:
{"instance"=>"460e1817-d616-495e-407e-49991b0026b0", "index"=>0,
"reason"=>"CRASHED", "exit_description"=>"2 error(s) occurred:\n\n* 2
error(s) occurred:\n\n* Exited with status 1\n* cancelled\n* cancelled",
"crash_count"=>1, "crash_timestamp"=>1475046358426721004,
"version"=>"e54e765b-8472-41d5-b14c-eec3f1d41401"}
2016-09-28T07:05:58.000+00:00 [CELL] OUT Creating container
2016-09-28T07:05:58.000+00:00 [CELL] OUT Successfully created container
2016-09-28T07:05:58.000+00:00 [CELL] OUT Starting health monitoring of
container
2016-09-28T07:05:58.000+00:00 [APP] OUT Exit status 1
2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>**
2016-09-28T07:05:58.000+00:00 [CELL] OUT Exit status 2
2016-09-28T07:05:59.000+00:00 [API] OUT App instance exited with guid
637a95a7-4def-4c43-b00e-454ca6f584f8 payload:
{"instance"=>"06f0d873-0050-4e66-6bc8-11ec83ec369f", "index"=>0,
"reason"=>"CRASHED", "exit_description"=>"2 error(s) occurred:\n\n* 2
error(s) occurred:\n\n* Exited with status 1\n* cancelled\n* cancelled",
"crash_count"=>2, "crash_timestamp"=>1475046358988785723,
"version"=>"e54e765b-8472-41d5-b14c-eec3f1d41401"}
2016-09-28T07:05:59.000+00:00 [CELL] OUT Creating container
2016-09-28T07:05:59.000+00:00 [CELL] OUT Successfully created container
2016-09-28T07:05:59.000+00:00 [CELL] OUT Starting health monitoring of
container
2016-09-28T07:05:59.000+00:00 [APP] OUT Exit status 1
2016-09-28T07:05:59.000+00:00 [APP] ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>
2016-09-28T07:05:59.000+00:00 [CELL] OUT Exit status 2

Please Help,
Mohan V.


Re: Redirection to another application using UAA : Best Practices required

Rajan vakharia
 

HI Sree,

Thanks for your inputs, we have couple of questions can you please try to address them as well?

1. We are using "password" grant type and wanted more information : Do we have any api to authenticate and redirection to the url ?
2. In case we are using authorization code grant type & have single client for multiple user. Post the authentication do we get same authorization code for each user or different for each user ?

Thanks,
Rajan Vakharia


Re: Facing problem while pushing Spring Boot app on PCF

Daniel Mikusa
 

What is the system you are targeting? For example, a bosh lite install,
PCF-dev, PWS, Bluemix, other? If it's a system you deployed, which CF
Release & Diego release are you using?

Also, can you push *any* applications to it successfully? Maybe try a few
samples from here [1] and see if any of them work.

2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>**

It's this output that has me concerned. You might also want to check the
cell logs to see if there's any additional output on why the launcher is
failing or what arguments it's being given (that it clearly doesn't like).

Dan

[1] - https://github.com/cloudfoundry-samples/


On Wed, Sep 28, 2016 at 3:44 AM, Mohan V <mohan221213(a)gmail.com> wrote:

I am trying to push the simple spring boot app in pcf.
I am completely new to pcf.
I was created manifest.yml file which contain following data:-

applications:
- name: PivotalPushTest
host: PivotalPushTest
memory: 512M
instances: 1
path: /root/Desktop/PivotalPushTest/target/PivotalPustTest-0.0.1-
SNAPSHOT.jar

but when I am pushing this app via cf push command I am getting following
error:-

cf push
Using manifest file /root/Desktop/PivotalPushTest/manifest.yml

Creating app PivotalPushTest in org ORGNAME / space Java-Hadoop as
username(a)domainname.com...
OK

Using route PivotalPushTest.url.com
Binding PivotalPushTest.url.com to PivotalPushTest...
OK

Uploading PivotalPushTest...
Uploading app files from: /tmp/unzipped-app911037164
Uploading 6.1K, 16 files
Done uploading
OK

Starting app PivotalPushTest in org ORGNAME / space Java-Hadoop as
username(a)domainname.com...
Downloading python_buildpack...
Downloading php_buildpack...
Downloading java_buildpack_offline...
Downloading null_buildpack...
Downloading go_buildpack_1-6...
Downloading staticfile_buildpack...
Downloading binary_buildpack...
Downloading ruby_buildpack...
Downloading nodejs_buildpack...
Downloading go_buildpack...
Downloaded python_buildpack
Downloaded nodejs_buildpack
Downloaded binary_buildpack
Downloaded php_buildpack
Downloaded go_buildpack
Downloaded go_buildpack_1-6
Downloaded ruby_buildpack
Downloaded java_buildpack_offline
Downloaded null_buildpack
Downloaded staticfile_buildpack
Creating container
Successfully created container
Downloading app package...
Downloaded app package (6.6K)
Staging...
-----> Nothing to do.
**No start command detected; command must be provided at runtime**
Exit status 0
Staging complete
Uploading droplet, build artifacts cache...
Uploading droplet...
Uploading build artifacts cache...
Uploaded build artifacts cache (109B)
Uploaded droplet (3.7K)
Uploading complete

0 of 1 instances running, 1 crashed
FAILED
Error restarting application: Start unsuccessful

TIP: use 'cf logs PivotalPushTest --recent' for more information

In Apps Manager Logs:-
OUT Exit status 1
2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>**
2016-09-28T07:05:58.000+00:00 [CELL] OUT Exit status 2
2016-09-28T07:05:58.000+00:00 [API] OUT App instance exited with guid
637a95a7-4def-4c43-b00e-454ca6f584f8 payload: {"instance"=>"460e1817-d616-495e-407e-49991b0026b0",
"index"=>0, "reason"=>"CRASHED", "exit_description"=>"2 error(s)
occurred:\n\n* 2 error(s) occurred:\n\n* Exited with status 1\n*
cancelled\n* cancelled", "crash_count"=>1, "crash_timestamp"=>1475046358426721004,
"version"=>"e54e765b-8472-41d5-b14c-eec3f1d41401"}
2016-09-28T07:05:58.000+00:00 [CELL] OUT Creating container
2016-09-28T07:05:58.000+00:00 [CELL] OUT Successfully created container
2016-09-28T07:05:58.000+00:00 [CELL] OUT Starting health monitoring of
container
2016-09-28T07:05:58.000+00:00 [APP] OUT Exit status 1
2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>**
2016-09-28T07:05:58.000+00:00 [CELL] OUT Exit status 2
2016-09-28T07:05:59.000+00:00 [API] OUT App instance exited with guid
637a95a7-4def-4c43-b00e-454ca6f584f8 payload: {"instance"=>"06f0d873-0050-4e66-6bc8-11ec83ec369f",
"index"=>0, "reason"=>"CRASHED", "exit_description"=>"2 error(s)
occurred:\n\n* 2 error(s) occurred:\n\n* Exited with status 1\n*
cancelled\n* cancelled", "crash_count"=>2, "crash_timestamp"=>1475046358988785723,
"version"=>"e54e765b-8472-41d5-b14c-eec3f1d41401"}
2016-09-28T07:05:59.000+00:00 [CELL] OUT Creating container
2016-09-28T07:05:59.000+00:00 [CELL] OUT Successfully created container
2016-09-28T07:05:59.000+00:00 [CELL] OUT Starting health monitoring of
container
2016-09-28T07:05:59.000+00:00 [APP] OUT Exit status 1
2016-09-28T07:05:59.000+00:00 [APP] ERR Usage: /tmp/lifecycle/launcher
<app directory> <start command> <metadata>
2016-09-28T07:05:59.000+00:00 [CELL] OUT Exit status 2

Please Help,
Mohan V.


Facing problem while pushing Spring Boot app on PCF

Mohan V <mohan221213@...>
 

I am trying to push the simple spring boot app in pcf.
I am completely new to pcf.
I was created manifest.yml file which contain following data:-

applications:
- name: PivotalPushTest
host: PivotalPushTest
memory: 512M
instances: 1
path: /root/Desktop/PivotalPushTest/target/PivotalPustTest-0.0.1-SNAPSHOT.jar

but when I am pushing this app via cf push command I am getting following error:-

cf push
Using manifest file /root/Desktop/PivotalPushTest/manifest.yml

Creating app PivotalPushTest in org ORGNAME / space Java-Hadoop as username(a)domainname.com...
OK

Using route PivotalPushTest.url.com
Binding PivotalPushTest.url.com to PivotalPushTest...
OK

Uploading PivotalPushTest...
Uploading app files from: /tmp/unzipped-app911037164
Uploading 6.1K, 16 files
Done uploading
OK

Starting app PivotalPushTest in org ORGNAME / space Java-Hadoop as username(a)domainname.com...
Downloading python_buildpack...
Downloading php_buildpack...
Downloading java_buildpack_offline...
Downloading null_buildpack...
Downloading go_buildpack_1-6...
Downloading staticfile_buildpack...
Downloading binary_buildpack...
Downloading ruby_buildpack...
Downloading nodejs_buildpack...
Downloading go_buildpack...
Downloaded python_buildpack
Downloaded nodejs_buildpack
Downloaded binary_buildpack
Downloaded php_buildpack
Downloaded go_buildpack
Downloaded go_buildpack_1-6
Downloaded ruby_buildpack
Downloaded java_buildpack_offline
Downloaded null_buildpack
Downloaded staticfile_buildpack
Creating container
Successfully created container
Downloading app package...
Downloaded app package (6.6K)
Staging...
-----> Nothing to do.
**No start command detected; command must be provided at runtime**
Exit status 0
Staging complete
Uploading droplet, build artifacts cache...
Uploading droplet...
Uploading build artifacts cache...
Uploaded build artifacts cache (109B)
Uploaded droplet (3.7K)
Uploading complete

0 of 1 instances running, 1 crashed
FAILED
Error restarting application: Start unsuccessful

TIP: use 'cf logs PivotalPushTest --recent' for more information

In Apps Manager Logs:-
OUT Exit status 1
2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher <app directory> <start command> <metadata>**
2016-09-28T07:05:58.000+00:00 [CELL] OUT Exit status 2
2016-09-28T07:05:58.000+00:00 [API] OUT App instance exited with guid 637a95a7-4def-4c43-b00e-454ca6f584f8 payload: {"instance"=>"460e1817-d616-495e-407e-49991b0026b0", "index"=>0, "reason"=>"CRASHED", "exit_description"=>"2 error(s) occurred:\n\n* 2 error(s) occurred:\n\n* Exited with status 1\n* cancelled\n* cancelled", "crash_count"=>1, "crash_timestamp"=>1475046358426721004, "version"=>"e54e765b-8472-41d5-b14c-eec3f1d41401"}
2016-09-28T07:05:58.000+00:00 [CELL] OUT Creating container
2016-09-28T07:05:58.000+00:00 [CELL] OUT Successfully created container
2016-09-28T07:05:58.000+00:00 [CELL] OUT Starting health monitoring of container
2016-09-28T07:05:58.000+00:00 [APP] OUT Exit status 1
2016-09-28T07:05:58.000+00:00 [APP] **ERR Usage: /tmp/lifecycle/launcher <app directory> <start command> <metadata>**
2016-09-28T07:05:58.000+00:00 [CELL] OUT Exit status 2
2016-09-28T07:05:59.000+00:00 [API] OUT App instance exited with guid 637a95a7-4def-4c43-b00e-454ca6f584f8 payload: {"instance"=>"06f0d873-0050-4e66-6bc8-11ec83ec369f", "index"=>0, "reason"=>"CRASHED", "exit_description"=>"2 error(s) occurred:\n\n* 2 error(s) occurred:\n\n* Exited with status 1\n* cancelled\n* cancelled", "crash_count"=>2, "crash_timestamp"=>1475046358988785723, "version"=>"e54e765b-8472-41d5-b14c-eec3f1d41401"}
2016-09-28T07:05:59.000+00:00 [CELL] OUT Creating container
2016-09-28T07:05:59.000+00:00 [CELL] OUT Successfully created container
2016-09-28T07:05:59.000+00:00 [CELL] OUT Starting health monitoring of container
2016-09-28T07:05:59.000+00:00 [APP] OUT Exit status 1
2016-09-28T07:05:59.000+00:00 [APP] ERR Usage: /tmp/lifecycle/launcher <app directory> <start command> <metadata>
2016-09-28T07:05:59.000+00:00 [CELL] OUT Exit status 2

Please Help,
Mohan V.


Re: FW: issue tracker permissions

Guillaume Berche
 

Thanks Lisa, the "Viewers can follow" feature will be very useful to the CF
community. I plan to redact the GH issue mirrors as to reduce the confusion
caused by implicit cross links between issues that Marco reminded (see
related [a]). When the "Viewers can follow" feature is available, there
will be no more value in discovering GH issues mirrors.

Are there future plans in the tracker to enable viewers to get
notifications for all stories in the backlog ? If not, the promising stack
integration [4], which requires PT project owners to configure the Slack
webhook URL, could help. With collaboration from owners of the Foundation
trackers, this could result into a slack channel per PT project, where
community members can watch related activity, much like what the buildpacks
team have already set up into [b].

The remaining added value for the mirrored GH issues will then be:
- community members "commenting" backlogs in context.
- searching across multiple PT projects

Is the tracker team also planning to address the latter two use-cases ?

Thanks again,

[a]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues/1#issuecomment-238706510
[b] https://cloudfoundry.slack.com/messages/buildpacks-firehose/
[4] https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker
"On that page, find the *Activity Web Hook* section. Add
https://hooks.slack.com/services/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
as your Web Hook URL. Ensure that the API Version is set to v5 and then
click *Save Web Hook Settings*."

Guillaume.

On Mon, Sep 26, 2016 at 6:26 PM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all -- a couple people reached out asking for a date for Viewers can
follow. We are currently targeting November of this year.

Thanks,
Lisa

On Mon, Sep 26, 2016 at 10:03 AM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all,

Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.

Thanks,
Lisa

On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before,
it is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See [5]
for more detailed coverage. This should enable community members to watch
the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the next
days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit unconference
on monday might be a good place for this, I'd propose a subject if I
receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal
Tracker (PT) stories into github issues. See pivotaltrackermirror at [1],
and the experimental mirror of the buildpack tracker at [2]. I'd like to
thanks the buildpacks team for accepting to join
this experiment and providing us with feedback in the past few
weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <https://help.github.com/artic
les/about-notifications/#types-of-notifications> github feature to
track progress on public pivotal trackers projects: all stories or selected
stories of interest.
2. allow use of
github search features <https://help.github.com/artic
les/searching-github> to search Pivotal Tracker content (e.g. accross
multiple mirrored PT projects, or along with other github repositories
hosting the associated code)
3. allow use of
github @mentions <https://help.github.com/artic
les/basic-writing-and-formatting-syntax/#mentioning-users-and-teams> to
contact github accounts associated with PT public projects contributors, in
the context with a specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more trackers
listed in [5] (in a rate of a few projects per week). Please report issues
on [3] if you observe negative side effects, or reply to this email if you
have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would
also cover use-case #1 (get notifications for all stories in a tracker).
I'm not yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues <
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>





Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are
just tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently
mandatory for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to do
the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a
few of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back every
4 weeks with him and what I’ve heard so far is ideas. I haven’t seen a
prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature
should be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From
my point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g. trello,
but if the requirements of a large open-source community aren’t heard, then
I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback
concerning this feature to the tracker team – I haven't received any
reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the
same problem here: This seems like a fire-and-forget solution. Where does
this item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it
or whatever is necessary to indicate that there is more than 1 person
wanting this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at
the top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible demand
for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that
this is a frustration I have too. There are several stories in the various
CF teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on
our tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not
sure what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with that
as well. Any ideas on how to solve this? Is this a feature that the tracker
team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like
the best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/105493826
>>
>>
>>I do have an account but it seems I don't have permissions to
watch nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console















Re: Redirection to another application using UAA : Best Practices required

Sree Tummidi
 

Hi Rajan,

The best practice to use UAA as the OAuth Authorization Server and enable
your Application as an OAuth Client.
You need to register an OAuth client for your App and as part of the
registration specify the redirect URI.
Since you have a web application , you have two choices in terms of the
grant type . You can either use the Authorization Code or Implicit (If you
have a Single Page App)

Your application needs to redirect to the OAuth Authorize End Point. UAA
will take care of authenticating and authorizing the user and redirecting
to the app with the token.
Please refer to the UAA docs here :

http://docs.cloudfoundry.com/uaa/?http#authorization-code-grant
http://docs.cloudfoundry.com/uaa/?http#authorization-code-grant13
http://docs.cloudfoundry.com/uaa/?http#create90


Thanks,
Sree Tummidi
Staff Product Manager
Identity - Pivotal Cloud Foundry


On Tue, Sep 27, 2016 at 4:23 AM, Rajan vakharia <rajan.vakharia(a)gmail.com>
wrote:

Cloud Foundry UAA Behaviour:

1. We need to call the login.do for authentication
2. Another call is needed to token service /oauth/token for
getting the token.

Requirement

1. Our application should redirect to UAA login page in case of
invalid token or token not present
2. Login.html should always reside in UAA
3. On successful authentication UAA should redirect to Index.html
(Landing page of our application) with valid token as authentication header

Solution:

There is Login.html present in UAA service which is specifically used for
Login & doesn't return any token.
Following modification will be done in order to redirect to our
application passing the token

1. UAA's Login.html will call the /oauth/token service call using
the AJAX & acquire the token. We are sending (user id, password, client id,
credentails & grant type)
2. On receiving the token, Login.html(UAA Resource) will redirect
to index.html(Our Application resource) by passing the token in URI using
the window.location.href of JS
3. The window.location.href will make browser to call the
index.html & we will capture the token to validate it

I want to know whether the above mentioned process is the best practise ?

If not? can some one suggest the best pratice for redirection & acquiring
the token?


Re: Announcement: default etcd cluster to TLS in cf-release spiff templates

Rich Wohlstadter
 

Hi Michael,

We were hitting the same issue. It turned out to be that that the etcd_proxy (temporarily on etcd_z2) was advertising dns for cf-etcd.service.cf.internal which caused some of the below services to try and contact the proxy securely which would fail. What we did is added a step after you generate the manifest and get ready to deploy the upgrade to v241, edit and delete the following consul property on your etcd_z2 job before deploying:

consul:
agent:
services:
etcd:
name: cf-etcd

That solved the issue. Once everything is talking to the secure etcd standalone and you scale back up the generation scripts will add it back in and your good to go. Hope this helps.

-Rich


Redirection to another application using UAA : Best Practices required

Rajan vakharia
 

Cloud Foundry UAA Behaviour:

1. We need to call the login.do for authentication
2. Another call is needed to token service /oauth/token for getting the token.

Requirement

1. Our application should redirect to UAA login page in case of invalid token or token not present
2. Login.html should always reside in UAA
3. On successful authentication UAA should redirect to Index.html (Landing page of our application) with valid token as authentication header

Solution:

There is Login.html present in UAA service which is specifically used for Login & doesn't return any token.
Following modification will be done in order to redirect to our application passing the token

1. UAA's Login.html will call the /oauth/token service call using the AJAX & acquire the token. We are sending (user id, password, client id, credentails & grant type)
2. On receiving the token, Login.html(UAA Resource) will redirect to index.html(Our Application resource) by passing the token in URI using the window.location.href of JS
3. The window.location.href will make browser to call the index.html & we will capture the token to validate it

I want to know whether the above mentioned process is the best practise ?

If not? can some one suggest the best pratice for redirection & acquiring the token?


Re: Announcement: default etcd cluster to TLS in cf-release spiff templates

Adrian Zankich
 

Hi Michael,

Are you still experiencing upgrade issues? Are you deploying multiple instances of the hm9000, loggregator_trafficcontroller and doppler jobs?

- Adrian


Re: [HIGH] CVE-2016-6651: Privilege Escalation in UAA

Timothy Hausler
 

Mike,

CC uses offline validation so that it does not have to talk to the UAA for
every request. Right now there is no way to configure CC to use online
validation.

Best,
Tim

On Mon, Sep 26, 2016 at 12:17 PM, Mike Youngstrom <youngm(a)gmail.com> wrote:

Anyone know off hand if CC uses online or offline validation? If
configurable what config would we look for to know if it is online or
offline?

Thanks,
Mike

On Mon, Sep 26, 2016 at 12:58 PM, Molly Crowther <
mcrowther(a)cloudfoundry.org> wrote:

Hello all,

In the interest of full public disclosure, the CFF Security Team would
also like to share some additional information about this vulnerability
that will aid in testing and remediation. Please let us know if you have
any questions or concerns.

Thanks,
Molly Crowther
Cloud Foundry Foundation Security Team
Description of Vulnerability

The vulnerability exposes an untested parameter that lets any application
add arbitrary scopes (permissions) to an access token.

curl https://login.urlredacted.com/oauth/token
<https://login.run.pivotal.io/oauth/token> \

-H"Accept: Application/json" \

-u "cf:" \

-d "username=<username here>" \

-d "password=<password here>" \

-d "client_id=cf" \

-d "grant_type=password" \

-d "response_type=token" \

-d "external_scopes=cloud_controller.test"

A vulnerable system will return the following response:

{

"access_token": "redacted for readability",

"expires_in": 599,

"jti": "redacted for readability",

"refresh_token": "redacted for readability",

"scope": "openid … cloud_controller.test",

"token_type": "bearer"

}

cloud_controller.test is an arbitrary string, but may as well be
cloud_controller.admin.

Applications that perform off-line validation will happily accept the
inserted string as a permission. Applications that use online validations,
i.e. the use of the /check_token UAA API endpoint, are not vulnerable - the
UAA validates the permissions against what’s in the database (uaadb).

A patched system will ignore the external_scopes parameter completely,
and cloud_controller.test will not be returned in the response.

On Mon, Sep 26, 2016 at 11:23 AM, Molly Crowther <
mcrowther(a)cloudfoundry.org> wrote:

CVE-2016-6651: Privilege Escalation in UAA
Severity

High
Vendor

Cloud Foundry Foundation
Versions Affected

-

Cloud Foundry release v242 and earlier versions
-

UAA release v3.7.0 & earlier versions
-

UAA bosh release (uaa-release) v16 & earlier versions

Description

A privilege escalation vulnerability has been identified with the
/oauth/token endpoint in UAA allowing users to elevate the privileges in
the token issued.
Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

-

Upgrade to Cloud Foundry v243 [1] or later
-

For standalone UAA users
-

For users using UAA Version 3.0.0 - 3.7.0, please upgrade to UAA
Release to v3.7.3[2], v3.4.5[3] or v3.3.0.6[4]
-

For users using standalone UAA Version 2.X.X, please upgrade to
UAA Release to v2.7.4.8 [5]
-

For users using UAA bosh release, please upgrade to UAA-Release
v17 [6] if upgrading to v3.7.3 [2] ,v12.6 [7] if upgrading to v3.4.5[3] or
v11.7 [8] if upgrading to v3.3.0.6[4]

Credit

SAP HCP Security Team
References

-

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v243
-

[2] https://github.com/cloudfoundry/uaa/releases/tag/3.7.3
-

[3] https://github.com/cloudfoundry/uaa/releases/tag/3.4.5
-

[4] https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.6
-

[5] https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.8
-

[6] https://github.com/cloudfoundry/uaa-release/releases/tag/v17
-

[7] https://github.com/cloudfoundry/uaa-release/releases/tag/v12.6
-

[8] https://github.com/cloudfoundry/uaa-release/releases/tag/v11.7

History2016-09-26: Initial vulnerability report published


Re: [HIGH] CVE-2016-6651: Privilege Escalation in UAA

Mike Youngstrom
 

Anyone know off hand if CC uses online or offline validation? If
configurable what config would we look for to know if it is online or
offline?

Thanks,
Mike

On Mon, Sep 26, 2016 at 12:58 PM, Molly Crowther <mcrowther(a)cloudfoundry.org
wrote:
Hello all,

In the interest of full public disclosure, the CFF Security Team would
also like to share some additional information about this vulnerability
that will aid in testing and remediation. Please let us know if you have
any questions or concerns.

Thanks,
Molly Crowther
Cloud Foundry Foundation Security Team
Description of Vulnerability

The vulnerability exposes an untested parameter that lets any application
add arbitrary scopes (permissions) to an access token.

curl https://login.urlredacted.com/oauth/token
<https://login.run.pivotal.io/oauth/token> \

-H"Accept: Application/json" \

-u "cf:" \

-d "username=<username here>" \

-d "password=<password here>" \

-d "client_id=cf" \

-d "grant_type=password" \

-d "response_type=token" \

-d "external_scopes=cloud_controller.test"

A vulnerable system will return the following response:

{

"access_token": "redacted for readability",

"expires_in": 599,

"jti": "redacted for readability",

"refresh_token": "redacted for readability",

"scope": "openid … cloud_controller.test",

"token_type": "bearer"

}

cloud_controller.test is an arbitrary string, but may as well be
cloud_controller.admin.

Applications that perform off-line validation will happily accept the
inserted string as a permission. Applications that use online validations,
i.e. the use of the /check_token UAA API endpoint, are not vulnerable - the
UAA validates the permissions against what’s in the database (uaadb).

A patched system will ignore the external_scopes parameter completely,
and cloud_controller.test will not be returned in the response.

On Mon, Sep 26, 2016 at 11:23 AM, Molly Crowther <
mcrowther(a)cloudfoundry.org> wrote:

CVE-2016-6651: Privilege Escalation in UAA
Severity

High
Vendor

Cloud Foundry Foundation
Versions Affected

-

Cloud Foundry release v242 and earlier versions
-

UAA release v3.7.0 & earlier versions
-

UAA bosh release (uaa-release) v16 & earlier versions

Description

A privilege escalation vulnerability has been identified with the
/oauth/token endpoint in UAA allowing users to elevate the privileges in
the token issued.
Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

-

Upgrade to Cloud Foundry v243 [1] or later
-

For standalone UAA users
-

For users using UAA Version 3.0.0 - 3.7.0, please upgrade to UAA
Release to v3.7.3[2], v3.4.5[3] or v3.3.0.6[4]
-

For users using standalone UAA Version 2.X.X, please upgrade to
UAA Release to v2.7.4.8 [5]
-

For users using UAA bosh release, please upgrade to UAA-Release
v17 [6] if upgrading to v3.7.3 [2] ,v12.6 [7] if upgrading to v3.4.5[3] or
v11.7 [8] if upgrading to v3.3.0.6[4]

Credit

SAP HCP Security Team
References

-

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v243
-

[2] https://github.com/cloudfoundry/uaa/releases/tag/3.7.3
-

[3] https://github.com/cloudfoundry/uaa/releases/tag/3.4.5
-

[4] https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.6
-

[5] https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.8
-

[6] https://github.com/cloudfoundry/uaa-release/releases/tag/v17
-

[7] https://github.com/cloudfoundry/uaa-release/releases/tag/v12.6
-

[8] https://github.com/cloudfoundry/uaa-release/releases/tag/v11.7

History2016-09-26: Initial vulnerability report published


Re: [HIGH] CVE-2016-6651: Privilege Escalation in UAA

Molly Crowther
 

Hello all,

In the interest of full public disclosure, the CFF Security Team would also
like to share some additional information about this vulnerability that
will aid in testing and remediation. Please let us know if you have any
questions or concerns.

Thanks,
Molly Crowther
Cloud Foundry Foundation Security Team
Description of Vulnerability

The vulnerability exposes an untested parameter that lets any application
add arbitrary scopes (permissions) to an access token.

curl https://login.urlredacted.com/oauth/token
<https://login.run.pivotal.io/oauth/token> \

-H"Accept: Application/json" \

-u "cf:" \

-d "username=<username here>" \

-d "password=<password here>" \

-d "client_id=cf" \

-d "grant_type=password" \

-d "response_type=token" \

-d "external_scopes=cloud_controller.test"

A vulnerable system will return the following response:

{

"access_token": "redacted for readability",

"expires_in": 599,

"jti": "redacted for readability",

"refresh_token": "redacted for readability",

"scope": "openid … cloud_controller.test",

"token_type": "bearer"

}

cloud_controller.test is an arbitrary string, but may as well be
cloud_controller.admin.

Applications that perform off-line validation will happily accept the
inserted string as a permission. Applications that use online validations,
i.e. the use of the /check_token UAA API endpoint, are not vulnerable - the
UAA validates the permissions against what’s in the database (uaadb).

A patched system will ignore the external_scopes parameter completely, and
cloud_controller.test will not be returned in the response.

On Mon, Sep 26, 2016 at 11:23 AM, Molly Crowther <mcrowther(a)cloudfoundry.org
wrote:
CVE-2016-6651: Privilege Escalation in UAA
Severity

High
Vendor

Cloud Foundry Foundation
Versions Affected

-

Cloud Foundry release v242 and earlier versions
-

UAA release v3.7.0 & earlier versions
-

UAA bosh release (uaa-release) v16 & earlier versions

Description

A privilege escalation vulnerability has been identified with the
/oauth/token endpoint in UAA allowing users to elevate the privileges in
the token issued.
Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

-

Upgrade to Cloud Foundry v243 [1] or later
-

For standalone UAA users
-

For users using UAA Version 3.0.0 - 3.7.0, please upgrade to UAA
Release to v3.7.3[2], v3.4.5[3] or v3.3.0.6[4]
-

For users using standalone UAA Version 2.X.X, please upgrade to UAA
Release to v2.7.4.8 [5]
-

For users using UAA bosh release, please upgrade to UAA-Release v17
[6] if upgrading to v3.7.3 [2] ,v12.6 [7] if upgrading to v3.4.5[3] or
v11.7 [8] if upgrading to v3.3.0.6[4]

Credit

SAP HCP Security Team
References

-

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v243
-

[2] https://github.com/cloudfoundry/uaa/releases/tag/3.7.3
-

[3] https://github.com/cloudfoundry/uaa/releases/tag/3.4.5
-

[4] https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.6
-

[5] https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.8
-

[6] https://github.com/cloudfoundry/uaa-release/releases/tag/v17
-

[7] https://github.com/cloudfoundry/uaa-release/releases/tag/v12.6
-

[8] https://github.com/cloudfoundry/uaa-release/releases/tag/v11.7

History2016-09-26: Initial vulnerability report published


[LOW] CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals

Molly Crowther
 

CVE-2016-6637 UAA CSRF Vulnerability for OAuth Approvals
Severity

Low
Vendor

Cloud Foundry Foundation
Versions Affected

-

Cloud Foundry release v241 and earlier versions
-

UAA release v2.0.0 - v2.7.4.6 & v3.0.0 - v3.6.0
-

UAA bosh release v15 & earlier versions

Description

The profile and authorize approval pages do not contain CSRF tokens, making
an exploit to approve or deny scopes possible.
Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

-

Upgrade to Cloud Foundry v242 [1] or later
-

For standalone UAA users
-

For users using UAA Version 3.0.0 - 3.6.0, please upgrade to UAA
Release to v3.7.0[2], v3.4.4[3] or v3.3.0.5[4]
-

For users using standalone UAA Version 2.X.X, please upgrade to UAA
Release to v2.7.4.7 [5]
-

For users using UAA bosh release, please upgrade to UAA-Release v16
[6] if upgrading to v3.7.0 [2] ,v12.5 [7] if upgrading to v3.4.4[3] or
v11.5 [8] if upgrading to v3.3.0.5[4]

Credit

GE Digital Security Team
References

-

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v242
-

[2] https://github.com/cloudfoundry/uaa/releases/tag/3.7.0
-

[3] https://github.com/cloudfoundry/uaa/releases/tag/3.4.4
-

[4] https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.5
-

[5] https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.7
-

[6] https://github.com/cloudfoundry/uaa-release/releases/tag/v16
-

[7] https://github.com/cloudfoundry/uaa-release/releases/tag/v12.5
-

[8] https://github.com/cloudfoundry/uaa-release/releases/tag/v11.5

History

2016-09-26: Initial vulnerability report published


[MEDIUM] CVE-2016-6636 UAA Open Redirect Vulnerability for Subdomains

Molly Crowther
 

CVE-2016-6636 UAA Open Redirect Vulnerability for Subdomains
Severity

Medium
Vendor

Cloud Foundry Foundation
Versions Affected

-

Cloud Foundry release v241 and earlier versions
-

UAA release v2.0.0 - v2.7.4.6, v3.0.0 - v3.4.2
-

UAA BOSH release v12.3 & earlier versions

Description

Subdomains in the redirect_uri are not properly validated during OAuth
authorization flow, making it possible to obtain implicit access tokens
using a different subdomain in the request. Clients with the implicit
authorization grant type are affected.
Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

-

Upgrade to Cloud Foundry v242 [1] or later
-

For standalone UAA users
-

For users using UAA Version 3.0.0 - 3.4.2, please upgrade to UAA
Release to v3.7.0[2], v3.4.4[3] or v3.3.0.5[4]
-

For users using standalone UAA Version 2.X.X, please upgrade to UAA
Release to v2.7.4.7 [5]
-

For users using UAA bosh release, please upgrade to UAA-Release v16
[6] if upgrading to v3.7.0 [2] ,v12.5 [7] if upgrading to v3.4.4[3] or
v11.5 [8] if upgrading to v3.3.0.5[4]

Credit

GE Digital Security Team
References

-

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v242
-

[2] https://github.com/cloudfoundry/uaa/releases/tag/3.7.0
-

[3] https://github.com/cloudfoundry/uaa/releases/tag/3.4.4
-

[4] https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.5
-

[5] https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.7
-

[6] https://github.com/cloudfoundry/uaa-release/releases/tag/v16
-

[7] https://github.com/cloudfoundry/uaa-release/releases/tag/v12.5
-

[8] https://github.com/cloudfoundry/uaa-release/releases/tag/v11.5

History

2016-09-26: Initial vulnerability report published


[HIGH] CVE-2016-6651: Privilege Escalation in UAA

Molly Crowther
 

CVE-2016-6651: Privilege Escalation in UAA
Severity

High
Vendor

Cloud Foundry Foundation
Versions Affected

-

Cloud Foundry release v242 and earlier versions
-

UAA release v3.7.0 & earlier versions
-

UAA bosh release (uaa-release) v16 & earlier versions

Description

A privilege escalation vulnerability has been identified with the
/oauth/token endpoint in UAA allowing users to elevate the privileges in
the token issued.
Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

-

Upgrade to Cloud Foundry v243 [1] or later
-

For standalone UAA users
-

For users using UAA Version 3.0.0 - 3.7.0, please upgrade to UAA
Release to v3.7.3[2], v3.4.5[3] or v3.3.0.6[4]
-

For users using standalone UAA Version 2.X.X, please upgrade to UAA
Release to v2.7.4.8 [5]
-

For users using UAA bosh release, please upgrade to UAA-Release v17
[6] if upgrading to v3.7.3 [2] ,v12.6 [7] if upgrading to v3.4.5[3] or
v11.7 [8] if upgrading to v3.3.0.6[4]

Credit

SAP HCP Security Team
References

-

[1] https://github.com/cloudfoundry/cf-release/releases/tag/v243
-

[2] https://github.com/cloudfoundry/uaa/releases/tag/3.7.3
-

[3] https://github.com/cloudfoundry/uaa/releases/tag/3.4.5
-

[4] https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.6
-

[5] https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.8
-

[6] https://github.com/cloudfoundry/uaa-release/releases/tag/v17
-

[7] https://github.com/cloudfoundry/uaa-release/releases/tag/v12.6
-

[8] https://github.com/cloudfoundry/uaa-release/releases/tag/v11.7

History2016-09-26: Initial vulnerability report published


Re: FW: issue tracker permissions

Lisa Doan <ldoan@...>
 

Hi all -- a couple people reached out asking for a date for Viewers can
follow. We are currently targeting November of this year.

Thanks,
Lisa

On Mon, Sep 26, 2016 at 10:03 AM, Lisa Doan <ldoan(a)pivotal.io> wrote:

Hi all,

Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.

Thanks,
Lisa

On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before, it
is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See [5]
for more detailed coverage. This should enable community members to watch
the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the next
days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit unconference
on monday might be a good place for this, I'd propose a subject if I
receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal
Tracker (PT) stories into github issues. See pivotaltrackermirror at [1],
and the experimental mirror of the buildpack tracker at [2]. I'd like to
thanks the buildpacks team for accepting to join
this experiment and providing us with feedback in the past few weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <https://help.github.com/artic
les/about-notifications/#types-of-notifications> github feature to track
progress on public pivotal trackers projects: all stories or selected
stories of interest.
2. allow use of
github search features <https://help.github.com/artic
les/searching-github> to search Pivotal Tracker content (e.g. accross
multiple mirrored PT projects, or along with other github repositories
hosting the associated code)
3. allow use of
github @mentions <https://help.github.com/artic
les/basic-writing-and-formatting-syntax/#mentioning-users-and-teams> to
contact github accounts associated with PT public projects contributors, in
the context with a specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more trackers
listed in [5] (in a rate of a few projects per week). Please report issues
on [3] if you observe negative side effects, or reply to this email if you
have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would
also cover use-case #1 (get notifications for all stories in a tracker).
I'm not yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues <
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>





Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are just
tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently mandatory
for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to do
the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a
few of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back every
4 weeks with him and what I’ve heard so far is ideas. I haven’t seen a
prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature
should be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From my
point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g. trello,
but if the requirements of a large open-source community aren’t heard, then
I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback concerning
this feature to the tracker team – I haven't received any reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the
same problem here: This seems like a fire-and-forget solution. Where does
this item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it or
whatever is necessary to indicate that there is more than 1 person wanting
this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at
the top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible demand
for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that
this is a frustration I have too. There are several stories in the various
CF teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on our
tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not
sure what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with that
as well. Any ideas on how to solve this? Is this a feature that the tracker
team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like
the best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/105493826
>>
>>
>>I do have an account but it seems I don't have permissions to watch
nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console















Re: FW: issue tracker permissions

Lisa Doan <ldoan@...>
 

Hi all,

Just to re-iterate, we do have this feature prioritized on the Tracker
team. I'm sorry we haven't been able to deliver this yet, but there are a
number of other higher priority items that we must attend to before we can
begin this work. We will keep you posted as we get closer to implementing
this.

Thanks,
Lisa

On Sun, Sep 25, 2016 at 12:54 AM, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Guillaume,

Thanks for your efforts in this direction. As I already stated before, it
is really a pain that you are not able to follow stories or comment when
not being a member in a Pivotaltracker project. However, github issues
aren’t more than a crutch, probably not even a good one.

For example, GH issues cannot be ordered. They are in the order of
creation, priorization is not visible. Therefore, if you look e.g. at the
BOSH mirror [1], there are a bunch of “unstarted” and “unscheduled” issues,
the first “started” one comes on page 2. For bugs, it gets more confusing.
Most people have the github bot activated, which creates a PT story for
each GH issue created. This is already confusing, because you have two
places where potentially updates to this bug could be located in, and
nobody knows where to look. Add in the mirroring, and now you have three
places, see an example for the buildpacks [2]. All of this is not your
fault, it is a restriction on how GH deals with issues and the fact that
we’re distributing information over more than one place.

While I appreciate your efforts and time spent on this: I strongly feel
that is an issue that can only be solved by one of two options:
• The Pivotaltracker team implementing the necessary functionality
• Migrating to a different tracker

I’m trying all I can to push for the first option by talking to Dan and
Lisa, but other features seem to be more important to the PT team. In
November, it has been a year since I asked for this, so my confidence isn’t
very high that it is going to happen at all. For me that just means option
two is getting more and more realistic every day.

Warm regards
Marco

[1] https://github.com/cf-tm-bot/bosh/issues
[2] https://github.com/cloudfoundry/staticfile-buildpack/issues/85



-----Original Message-----
From: Guillaume Berche <bercheg(a)gmail.com>
Date: Saturday, 24 September 2016 at 12:29
To: "Discussions about Cloud Foundry projects and the system overall." <
cf-dev(a)lists.cloudfoundry.org>
Cc: Chip Childers <cchilders(a)cloudfoundry.org>, "cholick(a)gmail.com" <
cholick(a)gmail.com>, Dan Podsedly <dpodsedly(a)pivotal.io>, Lisa Doan <
ldoan(a)pivotal.io>, "Voelz, Marco" <marco.voelz(a)sap.com>
Subject: Re: [cf-dev] Re: FW: issue tracker permissions

Hi,


The mirroring of foundation projects is around 60% complete. See [5]
for more detailed coverage. This should enable community members to watch
the most active foundation backlogs. I received no notifications of
negative side effects of this mirroring so
far. I'll proceed with mirroring the remaining projects in the next
days/weeks.

There are interesting next steps that could be tackled, such as
enabling commenting on the backlogs, or searching across all foundation
backlog history, see [3]. Let me know if you have interests in discussing
these next steps and current challenges faced by
the mirroring process. The upcoming Frankfurt cfsummit unconference
on monday might be a good place for this, I'd propose a subject if I
receive some interest.


Thanks,


Guillaume.






Guillaume.




On Mon, Sep 5, 2016 at 10:21 PM, Guillaume Berche
<bercheg(a)gmail.com> wrote:

Hi,


We have prototyped at Orange an automatic mirroring of Pivotal Tracker
(PT) stories into github issues. See pivotaltrackermirror at [1], and the
experimental mirror of the buildpack tracker at [2]. I'd like to thanks the
buildpacks team for accepting to join
this experiment and providing us with feedback in the past few weeks.

We hope this could bring the following benefits to the CF community:

1. allow use of the
watching notifications <https://help.github.com/
articles/about-notifications/#types-of-notifications> github feature to
track progress on public pivotal trackers projects: all stories or selected
stories of interest.
2. allow use of
github search features <https://help.github.com/
articles/searching-github> to search Pivotal Tracker content (e.g.
accross multiple mirrored PT projects, or along with other github
repositories hosting the associated code)
3. allow use of
github @mentions <https://help.github.com/articles/basic-writing-and-
formatting-syntax/#mentioning-users-and-teams> to contact github accounts
associated with PT public projects contributors, in the context with a
specific mirrored story
4. mirrored content becomes discoverable: search engines index it,
making it easier to find mirrored PT content such as a stack trace

This is still experimental work. We would like to hear community
feedback about this initiative (how is it useful?), as well as core
contributor teams (are there unexpected side-effects that need to be
handled beyond what we fixed so far [3]?) Do you have
suggestions for enhancements: can you comment/vote/improve in [3]?


Our plan is to progressively extend this experiment to more trackers
listed in [5] (in a rate of a few projects per week). Please report issues
on [3] if you observe negative side effects, or reply to this email if you
have concerns about this mirroring.



There still a fair amount of work ahead to convert this experiment
into a stable tool, and opportunities to provide some new cool features to
the community. Contributions are welcome :-)



Thanks,


Guillaume.



ps: I also recently noticed a PT slack integration [4] that would also
cover use-case #1 (get notifications for all stories in a tracker). I'm not
yet sure what it takes to add it to a given channel.


[1]
https://github.com/orange-cloudfoundry/pivotaltrackermirror <
https://github.com/orange-cloudfoundry/pivotaltrackermirror>
[2] https://github.com/cf-tm-bot/buildpacks
[3]
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues <
https://github.com/orange-cloudfoundry/pivotaltrackermirror/issues>
[4]
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker <
https://cloudfoundry.slack.com/apps/A0F82E7H8-pivotal-tracker>
[5]
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki <
https://github.com/cloudfoundry-community/cf-docs-contrib/wiki>





Guillaume.




On Sun, May 29, 2016 at 8:05 PM, John Wong
<gokoproject(a)gmail.com> wrote:

Just an idea... Is there a feature in Tracker to always cc
someone/some email address? For non security and non confidential stories
we can Cc this email address automatically which will post to a google
group and a thread will be built as comment is added.
This at least allow a read-only mirror.


Just a thought...


On Sunday, May 29, 2016, Voelz, Marco <marco.voelz(a)sap.com> wrote:

Dear Dan, dear Lisa, dear Chip, dear community,

sorry for digging out this old issue again and again. If you are just
tuning in, here is the situation
·
I like Pivotal Tracker as a product
·
I have to use Tracker for my daily work, as it is currently mandatory
for all CFF projects and all of them use it
·
The restrictions in pivotal tracker make it hard to impossible to do
the daily stuff you want to do within a large open-source community.

After initially bringing this up in November last year, here are a few
of the problems I addressed with Dan in a hangout session in February:
·
To follow stories in a project you need to be a member of that
project. Therefore, you cannot track progress on stories in other projects.
·
To comment on stories, the same restrictions as above apply

It has been 3 months since Dan and I talked, I’ve checked back every 4
weeks with him and what I’ve heard so far is ideas. I haven’t seen a
prototype, any specifics on the current state,
any planning details. It’s not like I’m demanding this feature should
be done by now – I just want to know what is going on.

I have to say I am very unhappy in how this topic is treated. From my
point of view, it seems like there is a huge lack of transparency and
feedback. Please, let me know what’s going on.
I don’t want to switch to a different tracker, such as e.g. trello,
but if the requirements of a large open-source community aren’t heard, then
I don’t know what else to do about this.

Warm regards
Marco

PS: What about a public tracker backlog in tracker, so people can
follow their favorite feature stories and see where they are in the
planning and when they’re done?


On 16/01/16 13:09, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:





Dear all,



it has now been more than a month since I sent my feedback concerning
this feature to the tracker team – I haven't received any reaction to it.

@Chip:
Is there an option you could weigh in for this from the Foundation
perspective? That would be great!



Sorry for being so stubborn about this, but in my opinion this is a
crucial feature for a bug tracker/backlog which is used in an open-source
product. I know that all the people
working directly at pivotal don't feel the pain, because they can
either talk directly to everyone in person or have the necessary rights to
comment/follow in the other projects, but for everyone else this is really,
really a problem.



Warm regards

Marco



On 09/12/15 21:20, "Voelz, Marco" <marco.voelz(a)sap.com> wrote:




Thanks for pointing me to this link. However, we seem to have the same
problem here: This seems like a fire-and-forget solution. Where does this
item go? How can I send it to
other people and have them +1 it, like it, follow it, favorite it or
whatever is necessary to indicate that there is more than 1 person wanting
this feature?




Thanks and warm regards

Marco



On 09/12/15 20:01, "Amit Gupta" <agupta(a)pivotal.io> wrote:




If you're logged in to Tracker, there's a "Help & Updates" link at the
top, and one of the options is Provide Feedback.


On Wed, Dec 9, 2015 at 10:59 AM, Voelz, Marco <marco.voelz(a)sap.com>
wrote:

I'd happily submit a feature request to build up some visible demand
for this – could you point me to the right channel here?




Thanks and warm regards

Marco



On 08/12/15 23:01, "Dieu Cao" <dcao(a)pivotal.io> wrote:





Unfortunately in order to follow a story in tracker, the minimum
required level is "member" which allows you to create/comment/delete
stories in tracker.

I would suggest submitting a request to the pivotal tracker team to
help build up evidence that this is a feature that people want.



-Dieu



On Tue, Dec 8, 2015 at 12:49 PM, Matt Cholick <cholick(a)gmail.com>
wrote:

Sorry to resurrect an older thread, but I wanted to chime in that this
is a frustration I have too. There are several stories in the various CF
teams public backlogs that I'd
like to keep track of.


Is it possible for community members to get enough permissions on our
tracker accounts to add ourselves to the follow list?



-Matt



On Mon, Nov 23, 2015 at 3:10 AM, Koper, Dies <
diesk(a)fast.au.fujitsu.com> wrote:

Hi Marco, Jan,

I sent an email to Tracker support about that last week because we
were hoping to close CLI feature requests on GH and let people follow the
stories on Tracker. Support confirmed that people need to have R/W access
to a project to do that.
I have just replied to ask if they'd consider an enhancement. Not sure
what the proper channel would be to get such a story prioritized.
Will let you know if I get a reply.

Regards,
Dies Koper
Cloud Foundry CLI PM

-----Original Message-----
From: Voelz, Marco [mailto:marco.voelz(a)sap.com]
Sent: Monday, November 23, 2015 8:00 PM
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Re: FW: issue tracker permissions

Thanks Jan for bringing that up, I've had similar problems with that
as well. Any ideas on how to solve this? Is this a feature that the tracker
team actively works on?
Hitting cmd+r every few days on the same stories doesn't seem like the
best way to stay informed about your favorite features.

Warm regards
Marco



On 19/11/15 09:23, "Sievers, Jan" <jan.sievers(a)sap.com> wrote:

>>Hi,
>>
>>I was trying to watch a story I am interested in
>>https://www.pivotaltracker.com/n/projects/892938/stories/105493826
>>
>>
>>I do have an account but it seems I don't have permissions to watch
nor to comment.
>>
>>Is there something I missed?
>>
>>Regards
>>Jan
>>





































































--
Sent from Jeff Dean's printf() mobile console















Re: FW: issue tracker permissions

Carlo Alberto Ferraris
 

Guillaume,
thank you so much! One beer at the next CF summit is on me. :)

Carlo


Re: [ANN] Utilities PMC projects graduating from incubation

Shah, Harshit
 

Thanks Mike and CF Community.

We would like to invite the attendees at CF Summit Europe this week to learn more about .NET tools integration and scenarios these project enables.

Please join the office hours for info and questions you may have for engineers who have contributed these projects.

Date: Sep 28th ( Wed )
Time: 11 AM (Frankfurt time)
Location: HPE Booth (Booth #1 ) at CF Summit

Thanks
Harshit

From: Dr Nic Williams <drnicwilliams(a)gmail.com>
Date: Monday, September 26, 2016 at 7:31 AM
To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev(a)lists.cloudfoundry.org>
Cc: "Shah, Harshit" <harshit.shah(a)hpe.com>
Subject: Re: [cf-dev] [ANN] Utilities PMC projects graduating from incubation

Thanks HPE!

On Mon, Sep 26, 2016 at 5:22 AM +0200, "Mike Dalessio" <mdalessio(a)pivotal.io<mailto:mdalessio(a)pivotal.io>> wrote:
Hi all,

In May 2015, the Utilities PMC began incubating a handful of .NET developer tools created and maintained by engineers at HPE.

These projects have been maintained by HPE over the last 16 months, and so I think it's overdue to move these projects out of Incubation and declare them to be Active Projects according to the CF Development Governance Policy [1].

I'm pleased to announce that these three projects have graduated:

* cloudfoundry/cf-msbuild-tasks
* cloudfoundry/cf-dotnet-sdk
* cloudfoundry/cf-vs-extension
Big thanks to the HPE team!

Worth noting, Harshit Shah, the PM of the HPE team, would like to hold office hours at CF Summit Europe this week for anyone who's interested. He'll reply to this email with details, and is CCed if you'd like to reach out to him directly with questions.

Cheers,
-m


[1]: https://www.cloudfoundry.org/wp-content/uploads/2015/09/CFF_Development_Governance.pdf


Re: [ANN] Utilities PMC projects graduating from incubation

Dr Nic Williams <drnicwilliams@...>
 

Thanks HPE!

On Mon, Sep 26, 2016 at 5:22 AM +0200, "Mike Dalessio" <mdalessio(a)pivotal.io> wrote:










Hi all,
In May 2015, the Utilities PMC began incubating a handful of .NET developer tools created and maintained by engineers at HPE.
These projects have been maintained by HPE over the last 16 months, and so I think it's overdue to move these projects out of Incubation and declare them to be Active Projects according to the CF Development Governance Policy [1].
I'm pleased to announce that these three projects have graduated:cloudfoundry/cf-msbuild-tasks
cloudfoundry/cf-dotnet-sdk
cloudfoundry/cf-vs-extension
Big thanks to the HPE team!
Worth noting, Harshit Shah, the PM of the HPE team, would like to hold office hours at CF Summit Europe this week for anyone who's interested. He'll reply to this email with details, and is CCed if you'd like to reach out to him directly with questions.
Cheers,-m

  [1]: https://www.cloudfoundry.org/wp-content/uploads/2015/09/CFF_Development_Governance.pdf

3641 - 3660 of 9421