Zip4J and Zip Slip vulnerability - zip4j

Zip4J is listed as vulnerable to Zip Slip. They claim that Zip4J 1.3.3 has the fix. However, the JAR we downloaded from their site is empty and has no classes.
Did anyone manage to get the 1.3.3 version? Any other alternative for a Zip utility that supports encrypted zips? Have mailed the Zip4J developer, but checking here as well to see how everyone is handling it.

Zip4j 1.3.3 with Zip slip fix is now available on Maven Repository

I noticed there is a problem with the jar files from their own website at http://www.lingala.net/zip4j/download.php
But when I downloaded it from https://mvnrepository.com/artifact/net.lingala.zip4j/zip4j/1.3.2, it is working perfectly.

Related

How should I upload a Django project to GitHub?

This is probably a very dumb question. But I have a little project in Django and I would like to upload it to GitHub to just have it there.
I know how GitHub works and I know how to upload the project. But I'm wondering if just uploading the whole folder is the right way to do it.
I mean, I have a database with my project that has some information.
So the database is JUST on my computer, right? It won't get uploaded next to the project to GitHub?
So basically I'm asking:
Should I just simply upload the whole folder?
And if I were to download my project from GitHub from another computer. Should I just have to run migrations to make it work locally?
Don't push your settings.py into a repository, because it has some important information about your application such as SECRET_KEY or DATABASE.
It’s important to keep your application credentials like API keys, Amazon S3, email parameters, and database parameters safe, especially if it’s an open source repository.
You need to make sure that this kind of information is stored in a secure place, and don't push it into a public repository.
There are more files that you shouldn't push into your repository. Check out this link to know more about .gitignore files in Django projects. Also, there is a website where you can create your .gitignore files automatically.
Now, if you want to know more about how to store this kind of information, you can use environment variables, and there is also a package called python-decouple that you can use for storing your important information.
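As an added example (not part of the original answer), here is one way to read the SECRET_KEY and database credentials mentioned above from environment variables and fail closed when they are absent. The names `load_settings`, `SettingsError`, the `DB_*` variable names and the PostgreSQL engine are assumptions chosen for illustration.

```python
import os


class SettingsError(RuntimeError):
    """Raised for absent or unsafe settings; messages carry names, never values."""


def _as_bool(raw):
    # Only explicit truthy strings enable a flag, so a typo fails safe (False).
    return raw.strip().lower() in {"1", "true", "yes", "on"}


def load_settings(environ=os.environ):
    """Build the secret-bearing part of settings.py from environment variables."""
    required = ["SECRET_KEY", "DB_NAME", "DB_USER", "DB_PASSWORD"]  # assumed names
    missing = [name for name in required if not environ.get(name)]
    if missing:
        raise SettingsError("unset environment variables: " + ", ".join(missing))

    debug = _as_bool(environ.get("DEBUG", "false"))
    secret_key = environ["SECRET_KEY"]
    # Keys generated by startproject carry this prefix (Django 3.2+); treat one
    # as a development placeholder and refuse it outside DEBUG.
    if not debug and secret_key.startswith("django-insecure-"):
        raise SettingsError("SECRET_KEY is a development placeholder")

    return {
        "SECRET_KEY": secret_key,
        "DEBUG": debug,
        "DATABASES": {
            "default": {
                "ENGINE": "django.db.backends.postgresql",  # assumed backend
                "NAME": environ["DB_NAME"],
                "USER": environ["DB_USER"],
                "PASSWORD": environ["DB_PASSWORD"],
                "HOST": environ.get("DB_HOST", "localhost"),
                "PORT": environ.get("DB_PORT", "5432"),
            }
        },
    }


# Constructed sample environment for illustration; real values live outside the repo.
SAMPLE_ENV = {
    "SECRET_KEY": "constructed-sample-key-not-for-use",
    "DB_NAME": "app", "DB_USER": "app", "DB_PASSWORD": "constructed-sample-password",
}

if __name__ == "__main__":
    print(sorted(load_settings(SAMPLE_ENV)))
```

In a settings module, the returned keys would be assigned to the module-level names Django reads, for example with `globals().update(load_settings())`.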

Automatic C++ documentation generation on GitLab project using doxygen

I am working in a GitLab C++ project and I am trying to have an automatic documentation generation on the code using Doxygen. I don't really know how to approach the problem.
Can I somehow include it in CMake to have an updated documentation in the project every time someone builds it?
Or would it be better to have the server generate a documentation when someone pushes his code?
Thanks for your help!
Consider publishing the generated documentation on a GitLab Pages site (https://docs.gitlab.com/ee/user/project/pages/). You can then link to it from your Wiki to make it easy to find.
GitLab Wiki is stored in a separate Git repository (https://docs.gitlab.com/ee/user/project/wiki/) so that's why I think it would be cleaner to create a Pages site rather than to update the Wiki Git repo from the main Git repo.
Yes, I think it is better to have a separate server build the documentation whenever someone pushes. If you have a Travis-CI account, you could configure an automatic deployment of your Doxygen documentation to the GitLab Wiki.
See here a link to a Gist example for GitHub, but should be expandable to GitLab:
https://gist.github.com/vidavidorra/548ffbcdae99d752da02

Attach file to issue in GitHub via API

My requirement is to migrate issues from Redmine to GitHub issue tracker.
I exported Redmine issues to a CSV file. Using the GitHub issue API I am able to create issues in GitHub along with labels.
But I also need to attach a file while creating an issue, using the GitHub REST APIs.
Is it possible to attach files while creating an issue in GitHub via the API?
If anybody knows the solution for this please let me know.
No, it's not possible to attach files to issues via the GitHub API.

Is there a web based SVN viewer/browser that can let you browse any repository that is available online?

I don't want to install a single thing. There must be a web based viewer somewhere! I'm having a hard time finding such a thing in Google.
There must be somewhere online where I can simply paste "svn://nex-3.com/gtk-themes" and it will let me browse the contents of the repository (assuming the repo exists and is publicly viewable).
EDIT: I guess I can just use any browser's directory tree browser. hehe
To access SVN via HTTP, you could configure it with Apache using mod_dav.
I know that you have to install something, but it is what I would use.
Do you have your own SVN installed locally or are you looking for a hosted SVN solution?
If you're looking for a hosted solution with http access, Unfuddle is great.
There is a Firefox add-on called Tortoise SVN Menu but it requires Tortoise SVN client to be installed as well.
I guess I can just use any browser's directory tree browser. hehe

Single sign on with confluence wiki

I would like to use our current intranet as the main application to authenticate users. Confluence should be able to read the cookie I created from the intranet to authenticate the user automatically without prompting them for a username/password. I read a bit about Seraph here: http://docs.atlassian.com/atlassian-seraph/latest/sso.html, however I am not really sure how to get started. I downloaded the zip and created the config files. However, once I have created the classes, in which folder do I place them and how do I actually compile them? I am new to Java.
I would prefer not to use Crowd, since it's very expensive and if we can build the SSO on our own, then we can save a lot of money.
Any help is appreciated.
I am using 3.1.1 on Windows.
The simplest way to integrate is to copy + modify the CAS client, linked from the page above. If you're completely new to Java, there's a bit of a learning curve - you need to create a JAR file which you copy into the $CONF_HOME/confluence/WEB-INF/lib directory, along with modifying your seraph-config.xml.
I'm not sure I can give you a complete tutorial on how to build a JAR file here, but the CAS client uses Ant, so if that's what you're modifying, install Java and Ant and run "ant build.xml" in the directory.
Hope that makes some sort of sense :-)