oodt-dev mailing list archives

From Sean Kelly <ke...@apache.org>
Subject Re: CVEs etc
Date Mon, 11 Sep 2017 16:31:05 GMT
Huh. That's a nifty tool.

A little frightening.

--k
> Tom Barber <mailto:tom@spicule.co.uk>
> 2017-09-9 at 8.03 a
> Hi folks
>
> This isn't supposed to be an alarmist email, but quite enlightening all the
> same.
>
> I saw a link to a plugin on the Drill mailing list called Dependency Check
> Report so I wired it into my OODT repo amongst others to see what was
> flagged up since the Struts fallout.
>
> Anyway, of course it's unlikely but not out of the question to run OODT
> fronting on to the interwebs so I think this is decent food for thought as
> to why it's useful to keep dependencies up to date as much as possible.
>
> Here's a selection of the output:
>
> https://www.dropbox.com/s/2ida8dk54yleedo/curator-webapp.html?dl=0
> https://www.dropbox.com/s/wgt1facgjhqiqkq/fmbrowser.html?dl=0
> https://www.dropbox.com/s/o8kqcaktplzjy4y/metadata.html?dl=0
> https://www.dropbox.com/s/cli4pj4jc564f16/pge.html?dl=0
>
> Of course there is a bunch of repetition in there and plenty that aren't
> over the top severe, some may also be false positives, but as we work
> through to OODT 2.0 with the new stuff and chopping out the old stuff,
> reducing these as much as possible I would posture.
>
> Tom
>
