Anybody deployed Terracotta 5 with security?

Did anyone implement a Terracotta 5 (5.3.2) cluster with some security?
I don't find any documentation regarding this topic.
Any help will be appreciated.
Thanks

There is no built-in security support in Terracotta 5.x / Ehcache 3.x.
Historically the security features are proposed as enterprise features. They are planned for the future but not yet available.
FYI I work on Ehcache and Terracotta.

Related

Is Drools Business Rules Management impacted by CVE-2021-44228

We are using Drools for our business rules. Is Drools impacted by/exposed to CVE-2021-44228 (Log4Shell or Log4J/Apache/Java vulnerability)?
The whole KIE ecosystem (Kogito, Drools, OptaPlanner and jBPM) moved to SLF4J, a different logging facade with Logback as default implementation, a few years ago and it is therefore not vulnerable to CVE-2021-44228. Accordingly, our recommendation is to ensure your applications are updated to the latest community versions (at the time of writing, Drools, jBPM, KIE Workbench/Business Central and KIE Server 7.62.0.Final, Kogito 1.14.1.Final, OptaPlanner 8.14.0.Final).
from this blog post.
We invite you to keep monitoring the blog post, in case there are any further findings in the future.
Looks like it's not the case.
In this thread you can find all apps impacted: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

Inquiry on UiPath's logging framework - concerns on Log4Shell vulnerability

I wish to inquire if there is any concern from UiPath in regards to the threat posed by the Apache Log4j vulnerability (https://amp.theguardian.com/technology/2021/dec/10/software-flaw-most-critical-vulnerability-log-4-shell). I know UiPath Orchestrator runs on MS IIS and wanted to know what logging framework is used.
Regarding this post in the UiPath forum, Robots and Orchestrator are using NLog, which is a different framework.
Also, it is mentioned that UiPath Insight is using Log4j. They are currently evaluating the impact. See here

JSR-236 Concurrency Utilities support in JBoss EAP

Does anyone know if the Enterprise version of JBoss supports the concurrent utilities defined in JSR-236 and, if not, whether there is any roadmap for their support?
I couldn't find any info online and the only related RH knowledge base post is not accessible without a paid subscription.
JBoss EAP 7 does support the JSR-236 Concurrency Utilities. As far as I know this is the first release that supports them.

Does Hazelcast follow JSR-107

Read about JSR-107 and JCache recently.
Would like to know whether Hazelcast or Ehcache follow this JSR?
JSR107 (JCache) made good progress and we already notified the spec committee that Hazelcast will implement the JCache spec. Having JCache part of Java EE 8 will be a significant achievement, so Hazelcast is now committed to JCache.
-talip (hazelcast founder)
As far as Hazelcast goes, here is a response from Talip Ozturk:
> 1. Does hazelcast have any plans to support JSR107? If so, any release date?
It shouldn't be hard to support JSR107 but it is a 10-year-old JSR
that has never been finalized. We don't want to spend time on it until
we see an official release of the spec.
Found on this page.
As far as Ehcache goes, here is a possible implementation that may work: https://github.com/jsr107/ehcache-jcache
Hazelcast 3.3.1 passed the JSR107 final TCK and was accepted by the JCP as compatible. Makes sense since the JCache spec co-author is the CEO of Hazelcast.
You can download it at http://hazelcast.org/download
If you need an implementation of JCache, the only one that I'm aware of being available today is Oracle Coherence; see: http://docs.oracle.com/middleware/1213/coherence/develop-applications/jcache_part.htm
For the sake of full disclosure, I work at Oracle. The opinions and views expressed in this post are my own, and do not necessarily reflect the opinions or views of my employer.
Hazelcast is now fully compliant with JSR107 or JCache. This is announced in the official blog:
On the opening day of JavaOne and Oracle Open World, Hazelcast, the leading In-Memory Data Grid provider is announcing the release of Hazelcast 3.3.1 JCache, the JCache compatible version of Hazelcast.
And according to this:
Hazelcast JCache implementation is 100% TCK (Technology Compatibility Kit) compliant and therefore passes all specification requirements.
The samples in Hazelcast make it somewhat easy to learn JCache, as there are really poor JavaDocs and other resources.

Spring/Spring Security 3.0.x execution flow

I'm currently in the process of migrating an application from Spring 2.5.6 to Spring 3.0.4 and Spring Security 3.0.2 and I was wondering if there was some kind of execution flow for both of these frameworks so that developers could know what is being called before what.
For those of you who are doing this kind of migration, I can tell you that it's not a simple task, that's why I was wondering if some experts, out there, in the wild, would have some references about these flows.
Thanks
You should start here:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity.html
This is a detailed overview of how Spring works and will get you up to speed on the changes. Additionally I highly recommend the book by Peter Mularien - Spring Security 3.
With these two references you'll be on your way in no time.
Grant
