You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@slider.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/02/24 10:46:18 UTC

[jira] [Created] (SLIDER-1091) Upgrade test-time dependency on Groovy

Steve Loughran created SLIDER-1091:
--------------------------------------

             Summary: Upgrade test-time dependency on Groovy 
                 Key: SLIDER-1091
                 URL: https://issues.apache.org/jira/browse/SLIDER-1091
             Project: Slider
          Issue Type: Bug
          Components: build, security, test
    Affects Versions: Slider 0.90.2
            Reporter: Steve Loughran
            Assignee: Steve Loughran


[CVE-2015-3253|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253] means that the groovy version we use for tests must be considered insecure.

There is no vulnerability in Slider release: We don't distribute groovy. Nor we do any object serialization, which is the vulnerability. However, we should upgrade anyway



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)