The reason I deleted both was because they both depend on the vulnerable
jar iControl, for which there is no update.

On Fri, Dec 30, 2022 at 11:35 AM Rohit Yadav <rohit.ya...@shapeblue.com>
wrote:

> I think there are two plugins in question. What you've advised makes sense
> for F5, I'm not sure if SRX plugin is already removed from the build
> system. Nevertheless, if there are no objections then you may execute your
> proposal as the RM.
>
>
> Regards.
>
> ________________________________
> From: Daan Hoogland <daan.hoogl...@gmail.com>
> Sent: Thursday, December 29, 2022 22:03
> To: dev@cloudstack.apache.org <dev@cloudstack.apache.org>
> Cc: users <us...@cloudstack.apache.org>
> Subject: Re: [DISCUSS][PROPOSAL][4.19] remove juniper plugins F5 and SRX
>
> The plugin is already removed in the latest release, so I think this is a
> special case, Rohit. It makes no sense to start deprecating now, it has been
> dysfunctional for more than half a year already. My proposal is to remove
> the code in 4.18, as the plugin is effectively already removed.
>
> On Thu, Dec 29, 2022 at 8:47 AM Rohit Yadav <rohit.ya...@shapeblue.com>
> wrote:
>
> > We've done this in the past which usually would be to deprecate the
> > component in a release and then remove that in subsequent releases, to not
> > surprise our users to give enough time for the community to object or
> > respond.
> >
> > I think we can start by deprecating them in 4.18, i.e. put in the release
> > notes (about) page to publish the information and intent to remove in
> > future releases. If there are no objections, then in the next LTS (4.19)
> > this can be removed from the source code and a removal notice is put in the
> > release notes.
> >
> >
> > Regards.
> >
> > ________________________________
> > From: Daan Hoogland <daan.hoogl...@gmail.com>
> > Sent: Wednesday, December 28, 2022 18:39
> > To: dev <dev@cloudstack.apache.org>; users <us...@cloudstack.apache.org>
> > Subject: [DISCUSS][PROPOSAL][4.19] remove juniper plugins F5 and SRX
> >
> > LS,
> > > Since 4.17 the inclusion of the iControl jar has been disabled because of
> > > unresolved security issues. This leaves the SRX and F5 plugins rendered
> > > useless. I created a PR [1] to remove them and propose to merge this before
> > > 4.18.
> > Please, review if you feel this is needed and/or propose alternative
> > solutions if you have any.
> >
> > My idea is to leave this open expecting lazy consent for at least a week
> > into the new year.
> >
> > regards,
> >
> > [1] https://github.com/apache/cloudstack/pull/7023
> >
> > --
> > Daan
> >
> >
> >
> >
>
> --
> Daan
>
>
>
>

-- 
Daan
