chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Pavlin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CMIS-1077) need to update out-of-date dependencies with CVEs
Date Tue, 23 Jul 2019 17:31:00 GMT

    [ https://issues.apache.org/jira/browse/CMIS-1077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16891230#comment-16891230
] 

Andrew Pavlin commented on CMIS-1077:
-------------------------------------

Also, it won't build. I'm getting a failure from the Maven enforcer:

INFO] Storing buildScmBranch: trunk
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce-maven-version) @ chemistry-opencmis
---
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce-versions) @ chemistry-opencmis
---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireJavaVersion failed with message:
Detected JDK Version: 1.8.0-102 is not in the allowed range [12,).

Have these dependency updates forced use of Java 12?

> need to update out-of-date dependencies with CVEs
> -------------------------------------------------
>
>                 Key: CMIS-1077
>                 URL: https://issues.apache.org/jira/browse/CMIS-1077
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-client, opencmis-client-bindings, opencmis-commons
>    Affects Versions: OpenCMIS 1.1.0
>            Reporter: Andrew Pavlin
>            Priority: Major
>
> The last official build of Chemistry is badly out of date with regard to its dependencies.
Would it be possible to come out with a patch release that brings those dependencies up-to-date?
Specifically, for the sub-parts of Chemistry our project is using, the obsolete dependencies
are:
> Apache Httpcomponents (using 4.2.6, currently 4.5)
> com.squareup.okhttp3 (using 3.4.1, currently 3.13.1)
> Apache CXF (using 3.0.12, currently 3.3.2)
> org.osgi.core (using 5.0.0, currently 6.0.0)



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message