I see there's a separate maven repo at http://dist.wso2.org/maven2 but the version of siddhi - your CEP does not match what is in here: https://github.com/wso2/product-cep
Which is current and which can be used? Also, the website has a lead-capture form. Is the product truly apache2 open source or is it in name only?
WSO2 products are 100% apache 2.0 license compatible free and open source products. you can find the siddhi version used in WSO2 CEP.
Based on the description given on Siddhi repository,current version is 3.0.2. Please find the maven nexus repository for Siddhi
Related
We are working on WSO2 Open source API Manger 4.0.0 and Micro Integrator 1.2.0. we need to apply the bug fixes. We are unable get the latest build of specific WSO2 API Manager and Micro Integrator versions from the source code.
We are trying to get latest build by building the product from source code available in below github. But the master branch contains latest APIM and MI versions. could you please help on build the product of specific APIM and MI versions (APIM 4.0.0 and MI 1.2.0)
API Manager:
https://github.com/wso2/product-apim
Micro Integrator:
https://github.com/wso2/micro-integrator
You can checkout from the tag and apply the fixes.
https://github.com/wso2/product-apim/tree/v4.0.0
https://github.com/wso2/micro-integrator/tree/v1.2.0
Carbon APIMGT version for APIM v4 - https://github.com/wso2/carbon-apimgt/tree/v9.0.174
Carbon APIMGT contains the core functionalities of the product APIM.
WSO2 API Manager and MI are a collection of different jars and webapps. In our opensource code base, each product has a product repo (product-apim, micro-integrator, product-is) and multiple component repositories (carbon-apimgt, wso2-synapse). All of these are in the WSO2 or WSO2-extensions organization.
If you want to find the codebase for a specific version of a product or a component, you can check the release tag of the repository. For an example, if you want to find the APIM 4.0.0 related code base, you first need to get the 4.0.0 tag in product-apim repository.
Since we use maven as the build tool, pom.xml in the product repository includes all the component versions. Most of the time, fix is sent to a component repository and you can find the relevant component version by referring to this pom.xml. For example, most of the apim specific components are included in the carbon-apimgt repository. You can find the relevant carbon-apimgt version in the pom.xml as 9.0.174.
If you check out the carbon-apimgt repo's 9.0.174 tag, you can find the relevant code base. Similarly, synapse version is 2.1.7-wso2v227.
Once you find the relevant code base, you can apply your fix and build the component locally. This will build the jar with your fix and you can patch the product by adding this jar to the /repository/component/patches/patch0001/<Jar_name>.jar.
Make sure that use the same name as the jar included in the /repository/component/plugins repository (Sometimes the "-" in the name is converted to "_" in the name).
I am looking out for suggestions on the recent vulnerability(https://blogs.apache.org/security/entry/cve-2022-42889) which is also coming from the wso2 IS 5.11 binary downloaded from(https://github.com/wso2/product-is/releases/tag/v5.11.0) and the carbon libraries we are using in custom plugins like:
<groupId>org.wso2.carbon.identity.framework</groupId><artifactId>org.wso2.carbon.identity.mgt</artifactId>
<version>5.18.187</version>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.application.authentication.framework</artifactId>
<version>5.18.187</version>
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.provisioning</artifactId>
<version>5.18.187</version>
As there any upgrades to these which is compatible with wso2 IS v5.11?
From wso2 advisories, it is mentioned that the vulnerability has no impact on the products [1] since the preconditions are not met and the team promises of fixing the vulnerable versions and (paid) customers will be able to obtain it through their security update once it is available. Along with this effort, the public fix will be done for the current public branch and will be available if you build the product-is from the repository. The timeline for the public fix is yet to be known.
And the suggested upgrade would be to 1.10.0 of Apache Commons Text library for 5.11.0.
This library comes to Identity server 5.11 pack mainly through Forget me tool. And in the latest release (wso2is-6.0.0), forget me tool has been externalized[2] which could be used in the product on demand.
Refer:
[1] https://docs.wso2.com/display/Security/CVE-2022-42889
[2] https://is.docs.wso2.com/en/latest/deploy/remove-references-to-deleted-user-identities/#building-the-identity-anonymization-tool
I'm currently following the WSO2 documentation on installing the BPS tooling plugin and the link given for the BPS tooling is not working(Step 4).
https://docs.wso2.com/display/BPS360/Installing+the+BPS+Tooling+Plug-In
Any resolution or an alternative method to install the same is highly appreciated.
Thanks in advance.
You should not be referring to these documents. These are for the old BPS server, which was later merged with EI and now it's discontinued. BPMN and BPEL extensions are already there in Integration Studio, hence you don't have to install any additional plugins. You can simply create a new project with the relevant type and start building your workflows. Here are tutorials you can refer to.
(I know that this sounds as a newbie questions, but, you know, really, I don't finde the answer in docs)
In WSO2 products, and specifically in API Manager (2.1.0), we have to modify a lot of configuration files just to start.
We have seen that some configuration files (api-manager.xml, carbon.xml) use configurations variables. E.g., ${admin.username} to substitute by admin user.
We have found an old post (2016) explaining the use of configuration variables in WSO2 products
https://medium.com/#shan1024/overriding-configurations-in-wso2-products-using-deployment-properties-file-f096e96f782d
But we are not able to find the deployment.properties files referenced in that post, neither and official documentation.
Do you know if this works in APIM? Where have I to install this file?
As far as I know, deployment.yaml was introduced in Carbon kernel 5.2 onwards. But WSO2 APIM 2.x is based on Carbon kernel 4.4.X. Therefore APIM 2.x doesn't support that.
WSO2 APIM 3.X will support this feature.
I'm currently experimenting/working on WSO2. What i'm trying to do is to have Data Analytics server configured. I started by following the below specified URL
https://docs.wso2.com/display/AM210/Configuring+APIM+Analytics#9d6747f5c0074928b18599abe472987d (Quick Steps)
After performing all the steps, i get the following issue on APIM cmd prompt
YES Its pretty evident from the error that no such table exists BUT that is exactly the issue i'm facing. What could really be the cause here?
Consider the following points:
I've not followed ALL the steps mentioned on
https://docs.wso2.com/display/DAS310/Getting+Started (BUT are they
required?)
In the installation prerequisites for DAS, JDBC-compliant Connector for Java is required which I've not yet installed (BUT its not mandatory at the same time)
Most of the QUICK STEPS for the configuration of DAS in the specified URL i.e. https://docs.wso2.com/display/AM210/Configuring+APIM+Analytics#9d6747f5c0074928b18599abe472987d where already in place and i only had to
Set Up JDK, ANT, Maven
enable the analytics section in the API-M_HOME/repository/conf/api-manager.xml
add log4j.rootLogger=, DAS_AGENT to API-M_HOME/repository/conf/log4j.properties
add snappy-java_1.1.1.7.jar to DAS_HOME\repository\components\lib
Yet the issue persists, Do let me know of what you think. Thank you
Since you are following quick start guide please extract the WSO2 API Manager and the WSO2 API-M Analytics distributions (zip files), to the same directory (preferably an empty directory).
Also, you need to generate some traffic to the published APIs in order to analytics server to create this table for the first time.