we have ESB 5.0.0 and DSS 3.5.1 as a feature of the first one.
We are applying security patches because customer doesn't have UM support.
The question is: if we apply all ESB 5.0.0 security patches, should we also apply DSS patches? we have seen some of them are the same, but not all, not sure we have to install them also (because of a feature)....
Thanks for all
Related
This is regarding the CVE-2022-42889 vulnerability. From the below documentation link its mentioned that
"However we are actively working on upgrading the vulnerable dependency version to non-vulnerable version to reduce the unnecessary noise made by the Software Composition Analysis scanners. Customers may apply the security update once it is available. "
https://docs.wso2.com/display/Security/CVE-2022-42889
We wanted to know if there is any ETA for the vulnerable jars to be removed from WSO2 products.
Thanks,
Navaneeth
Security vulnerability. security tools are reporting the jar as vulnerable.
This is an ongoing effort the WSO2 API Manager versions and the update will be released within next couple of weeks.
We are working with a client who is interested in developing a application using Corda Ledger. While in the initial phase of development to first rollout in to Production, client is looking to see the capabilities of Corda Ledger using its community version. Subsequent to first Production rollout when the capabilities of Corda are on the display with its own client, they want to look beyond making this solution a enterprise solution using by procuring Corda enterprise license.
I am not getting much help in forming a delineating line of difference between Community and Enterprise version of Corda.
**What are essential features which cannot be built using community version ?
**who governs Community version ?
**Is there any support provided for Community version ?
**Can we create a distributed architecture using Community version (Corda nodes located on different physical servers) ?
**Can we create Corda network using Docker containers using Community version ?
**Is there any detailed document to draw the lines between community and enterprise version ? **
I have worked on community version of Corda using it for developing PoC, Where all nodes are located on same server and were not truly distributedstrong text
Corda Open Source and Enterprise are functionally identical. What Enterprise offers extra is the non-functional stuff that is required for mission-critical enterprise applications, which includes performance, HA, HSM integration, Enterprise Database integration, 24 X 7 Support, etc.
The community version id developed primarily by R3, while we also accept and encourage community contribution to the Corda Open Source project.
There is no Official R3 Production Support for Open Source Corda, however, you could ask questions and ask for solutions to your problems on our public slack channel (stack.corda.net) and also here on StackOverflow.
You can operate a network of OS Corda with nodes on different servers without any problems.
I would like to know if we will be able to do security vulnerability, license and copyright scan using with sonatype nexus lifecycle for ruby gems?
I was not able to tun a trial version of IQ server due to licence requirements and see for myself. The free Application Health Check (AHC) seems to support only java based programs.
Please clarify.
IQ Server 1.35 introduced Lifecycle XC which has very basic support for RubyGems (and other formats that are not support by Sonatype yet), but that won't provide what you're looking for.
Recently announced IQ Server 1.46 enabled RubyGems support in Nexus Firewall. This might be good enough for what you're looking for.
However if you need RubyGems support in Nexus Lifecycle, then you have to wait for that.
I am trying to implement code where I can send and receive the SOAP messages to IBM MQ. As of my knowledge jar file are required for my code to work, but could not find any place where either I can download the files or can do whole setup of WebSphere 6.0
Do anyone have any idea how can I get it ?
Please be aware that grabbing the jar files from an MQ Server or other installation is not supported by IBM and never has been. However, because it is one of the most commonly used methods to install the MQ client for Java or JMS and fairly common in Java developer culture, IBM has provided a Java-only install option. Please see the Redistributable Clients page in the Knowledge Center for details.
As the name suggests, this install provides an MQ Client package that can be redistributed with independently developed MQ applications. While that is helpful, the main reason IBM provides it is to provide a lightweight install package that...
Contains the correct and complete set of jar files as packaged by IBM.
Is intact and verifiable against a known specification and inventory.
Can reliably be expected to perform as per the documentation set for that version.
Contains all of IBM's diagnostic utilities both in the compiled binaries and in the Java classes.
Contains additional utilities such as GSKit for managing certificates.
Can be patched using IBM's standard Fix Pack install media so that integrity of the installed classes and libraries is preserved.
When using IBM's install media and procedure, the result is far more stable but int he event something goes wrong, the presence of the diagnostic utilities and conformance to a standard install procedure can dramatically reduce outage durations.
Also, there are occasional instances in which a customer with full support entitlements is told that their non-standard installation is not supported and they need to correct it before continuing the PMR. Though this doesn't happen often, in most cases the problem is resolved when the MQ client is installed according to spec. When that doesn't fix it, at least diagnostics can proceed at a faster pace.
The link above has all the details, including links to the client downloads, and is highly recommended reading. You can also go directly to Fix Central for the downloads. Fix Central offers all supported MQ client versions and the relocatable clients come in v8.0 and up. In the download list, look for the "All Java" package.
As Tim noted, mixing client and server versions is supported, provided both client and server are currently in service. Generally you want to develop against the latest version of MQ client because it has the most recent client-side features and will have the longest service life before a version upgrade is required.
Assuming you're on a Unix platform for your queue manager, the client will be found at:
/opt/mqm/java/lib
However, all MQ clients are compatible with all queue manager versions. I strongly recommend you use a client which is still supported, which means 7.1, 7.5, 8.0, or 9.0 at time of writing. These are freely downloadable from the SupportPac website.
The SupportPacs of interest are those starting 'MQC'. SupportPac MQC8 for example contains the MQ V8.0 client.
Thanks everyone. Just an update to the above answer. In my case I have asked the WebSphere administrator for providing me the lib folders which contains all the required MQ jar files.
I have asked him to provide following files from the C:\Program Files (x86)\IBM\WebSphere MQ\Java\lib\ folders:
* com.ibm.mq.jar
* connector.jar
* com.ibm.mq.jmqi.jar
* com.ibm.mq.headers.jar
* com.ibm.mq.commonservices.jar
I've heard somewhere that LCDS is no longer baked in into CF9, and LCDS Express will be phased out, is that true?
If I were to start a new CF8.01 + LCDS Express 2.6 project, what are the risks? Should I abandon that plan and go for BlazeDS instead?
Thanks.
For the record:
ColdFusion 8 shipped (as part of the installer) LCDS 2.6 Express. LCDS Express (free) is no longer available so it is not shipped with ColdFusion 9. However, ColdFusion 9 still supports the same level of integration w/ LCDS as in ColdFusion. The only difference is the installation process. Of course, without a free edition of LCDS, you would be required to purchase a production license.
ColdFusion 9.01 (codenamed Sully) will have full support for LCDS 3.1. It's scheduled for release in mid-2010.
-Adam
Henry just informed me of this thread and showed me the articles on FB4's "Data Management". Forgive my ignorance at this time as I need to carefully read them not just skim them, but I'll chime in briefly.
It sounds to me that FB4's "client-side data management without having to use a server at all" is semantically clear as mud. How does an individual client manage data as "LCDS Data Management" feature does? (Who's on first?). Sounds like they are being implied to be the same. What about NIO, RTMP, Conflict Resolution, server-to-client Pagination, Lazy Loading, etc?
Given the near complete overlap in jargon, and analogous implementations, I think Adobe should be VERY clear regarding the difference. I suppose its in Adobe's best interest to differentiate LCDS Data Management proper (the money feature) from FB4 Data Management (the freebie) if it wants good selling points for LCDS customers.
AFAIK, LCDS 2.6.1 full installer runs as unlimited version for 120 days, and then reverts to the Express Edition 1-CPU (a.k.a. Single CPU Edition) thereafter. If you are already running LCDS 2.6.1 as Single CPU Edition as a standalone server you can connect ColdFusion 8.0/1 and ColdFusion 9.0 to it via RMI by checking the CF Admin boxes under Enable Remote LCDS Access. However, if you have the LCDS 2.6.1 Components for ColdFusion and a full LCDS 2.6.1 server bits lying around, then you can use it to configure both ColdFusion 8.x and ColdFusion 9.0 for an embedded version of LCDS (where they both run in the same JVM and do not need RMI to talk to eachother). I have LCDS 2.6.1 working in embedded mode with both CF8.01 and CF9.0.
Additionally, regarding "LCDS Express (free) is no longer available", it may be true that you can not download it off Adobe.com anymore, but if you already have it then Adobe won't retroactively change your EULA.
How are you specifically planning to use the Data Management? Flash Builder 4 includes the ability to do client-side data management without having to use a server at all. CF also gives you the ability to do online/offline synchronization and datamanagement with CF and AIR.
LCDS 3.0 has some interesting functionality that goes above and beyond data management but if you're looking at basic data management you might want to give one of the two options above a try.
=Ryan
ryan#adobe.com
To use LiveCycle Data Services ES
2.6.1 with ColdFusion 9, you need to manually install it after completing
your ColdFusion 9 installation.
http://help.adobe.com/en_US/ColdFusion/9.0/Installing/WSB53CBD63-A21C-4f31-8F3E-700AE45A026E.html
Nice, LCDS still supported.