maven-issues mailing list archives

From "Tony Homer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARCHETYPE-568) Removed dom4j library
Date Mon, 10 Jun 2019 20:51:00 GMT

    [ https://issues.apache.org/jira/browse/ARCHETYPE-568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16860320#comment-16860320 ]

Tony Homer commented on ARCHETYPE-568:
--------------------------------------

Thanks for the update [~tibordigana].

> Removed dom4j library
> ---------------------
>
>                 Key: ARCHETYPE-568
>                 URL: https://issues.apache.org/jira/browse/ARCHETYPE-568
>             Project: Maven Archetype
>          Issue Type: Improvement
>            Reporter: Tibor Digana
>            Assignee: Tibor Digana
>            Priority: Major
>             Fix For: 3.1.1
>
>
> Due to the vulnerability CVE-2018-1000632 in dom4j:1.6.1, we are removing the library
> and we use the Java XML API instead. The vulnerability CVE-2018-1000632 is fixed in dom4j:2.2.1
> at Java 1.8, which breaks the current bytecode version 1.7 in this project. The improved code is
> very small. Originally the code was duplicated twice. We made a refactoring, and the new code with
> the Java API has no duplicates. Particular unit tests were improved using {{xmlunit-matchers}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
