You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2022/10/31 15:24:19 UTC

[GitHub] [maven-javadoc-plugin] Neutius commented on pull request #170: Bump commons-text version to 1.10.0 to address CVE-2022-42889

Neutius commented on PR #170:
URL: https://github.com/apache/maven-javadoc-plugin/pull/170#issuecomment-1297256661

   Hi! We're using the maven-javadoc-plugin at our company, and our parent company's IT department is complaining about "dangerous" code that is present on our build server. Turns out, they want to eradicate all uses and presence of commons-text version 1.9 and below.
   
   They are probably overreacting more than slightly, but it would save me, my team and our department a lot of headache if the maven-javadoc-plugin could upgrade to version 1.10.0
   
   @michael-o Are you really adamant about not wanting a property for a single version? @sman-81 gave some context for his choice, are you able to agree with him on this?
   
   Thanks in advance :)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org