Page Comparison

See https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

• Jira Legacy
  server System JiraJIRA serverId 01505d01-b853-3c2e-90f1-ee9b165564fc key FOLSPRINGB-47

• Julian Ladisch is writing a script to check for vulnerable modules
• A message/update was posted to #sys-ops:  https://folio-project.slack.com/archives/C9BBWRCNB/p1648740057373649?thread_ts=1648728230.119219&cid=C9BBWRCNB
• Julian Ladisch has created a few JIRAs for this – he's still working on this.
• He also wrote a script to list the affected modules - runs periodically
• The edge modules are probably the most critical - 3 of them are affected.  The related POs are aware.
• Should these fixes be backported to Kiwi?
  • Prevailing thought is that it should since Kiwi is the latest release and Lotus isn't official yet.
  • Craig McNally will communicate this recommendation to the Capacity Planning group, and possibly Oleksii Petrenko.
  • Additional communication will be made once the path forward is clear.
• Discussed with Mark V. Harry K, and Oleksii P. - Aiming for Lotus (HF) and Morning Glory.
• Still confusion about how many releases need to be supported, LTS, etc. 
• Note that this is a P3, if it were a P1/P2 the decision might have been different.
• The priority for some of these stories (specifically edge APIs and the umbrella story) has been bumped to P2
  • This was done so that the fixes can be included in a Lotus hot fix

Today:

• The fix for edge modules has been backported

Security team needs

• How many releases from now has to be supported? (3-4 releases or less?)
• Priority/Risk will likely factor into this as well.
• Also a matter of capacity
• Should be raised to the PC → Axel can bring this with a paper/proposal to the PC - not yet.
• Probably want to bring this to the TC as well at some point, even if only for awareness.
• WOLFcon session?
• Axel will produce a paper that outlines that problem by next weeks meeting.
• Chris to ask his stakeholders about TAMU needs - not specifically, but has started to have some conversations

Update on

• Axel Dörrer Should be removed from week to week agenda and Axel will monitor for progress and report back
• MODEUS-139 has been moved to the next sprint
• Axel Dörrer  waiting to hear back from Ann-Marie B. about the data-import ticket ... maybe target Nolana?

Today:

• No news yet.  Check in next week.

Notes from previous weeks:

Notes from previous weeks:

There's a PR that hasn't' moved in a while... What's the status?  How do we move this forward?

• Ryan Berger / John Coburn to help push this along.

Was there another PR against stripes-testing?

• ui-test:94 Was merged, a problem was reported, leading to this being reverted.
• Appears to be an environmental problem.  
• The JIRA is now unassigned... it isn't clear who has the ball here.
• Added a comment to STCLI-190 tagging Khalilah, Ryan, and Zak
• This PR has been reverted because of issues with the included changes of kopy version. The idea is to exclude the kopy changes by now to move forward with this.
• Last week:  
  • No movement, but a PR should be coming soon.

Holiday next Thursday (5/26) in Germany, so Julian Ladisch & Axel Dörrer will miss the meeting.