chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Pavlin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CMIS-1077) need to update out-of-date dependencies with CVEs
Date Tue, 23 Jul 2019 16:50:00 GMT

    [ https://issues.apache.org/jira/browse/CMIS-1077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16891199#comment-16891199
] 

Andrew Pavlin commented on CMIS-1077:
-------------------------------------

Thank you for the updates. Alas, Apache HttpClient is still seriously out of date (still using
4.2.6, where 4.5.9 is today's release). The others are close enough to current to be acceptable.

Sorry it took so long to get back; it took a while for me to be able to pull a snapshot.

> need to update out-of-date dependencies with CVEs
> -------------------------------------------------
>
>                 Key: CMIS-1077
>                 URL: https://issues.apache.org/jira/browse/CMIS-1077
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-client, opencmis-client-bindings, opencmis-commons
>    Affects Versions: OpenCMIS 1.1.0
>            Reporter: Andrew Pavlin
>            Priority: Major
>
> The last official build of Chemistry is badly out of date with regard to its dependencies.
Would it be possible to come out with a patch release that brings those dependencies up-to-date?
Specifically, for the sub-parts of Chemistry our project is using, the obsolete dependencies
are:
> Apache Httpcomponents (using 4.2.6, currently 4.5)
> com.squareup.okhttp3 (using 3.4.1, currently 3.13.1)
> Apache CXF (using 3.0.12, currently 3.3.2)
> org.osgi.core (using 5.0.0, currently 6.0.0)



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message