You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@slider.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/02/24 10:46:18 UTC
[jira] [Created] (SLIDER-1091) Upgrade test-time dependency on
Groovy
Steve Loughran created SLIDER-1091:
--------------------------------------
Summary: Upgrade test-time dependency on Groovy
Key: SLIDER-1091
URL: https://issues.apache.org/jira/browse/SLIDER-1091
Project: Slider
Issue Type: Bug
Components: build, security, test
Affects Versions: Slider 0.90.2
Reporter: Steve Loughran
Assignee: Steve Loughran
[CVE-2015-3253|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253] means that the groovy version we use for tests must be considered insecure.
There is no vulnerability in Slider release: We don't distribute groovy. Nor we do any object serialization, which is the vulnerability. However, we should upgrade anyway
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)