You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cxf.apache.org by de...@bt.com.INVALID on 2022/11/24 14:25:45 UTC

RE: cxf-codegen-plugin next releases

Hi Apache CXF Dev Team,

Kindly can you provide an update on my request below ?

The latest version of cxf-codegen-plugin<https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) have dependency on cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). This cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) have a dependency on commons-text-1.9. The commons-text-1.9 have direct security vulnerability as CVE-2022-42889.

But commons-text-1.10.0 does not have any security vulnerability. Kindly can you let us know if there is any plan and timeline when the next verion of cxf-codegen-plugin will be released which will have transitive dependency on commons-text-1.10.0 ?



[cid:image001.png@01D9003D.3C664280]
        Deb


Thanks and Regards,
Debabrata Deb

From: Deb,D,Debabrata,QDB C
Sent: 16 November 2022 18:05
To: 'dev@cxf.apache.org' <de...@cxf.apache.org>
Cc: Nagare,N,Narendra,QDH R <na...@bt.com>
Subject: RE: cxf-codegen-plugin next releases



Hi Apache CXF Dev Team,

Kindly can you provide an update on my request below ?



[cid:image001.png@01D9003D.3C664280]
        Deb


Thanks and Regards,
Debabrata Deb

From: Deb,D,Debabrata,QDB C
Sent: 08 November 2022 21:39
To: dev@cxf.apache.org<ma...@cxf.apache.org>
Cc: Nagare,N,Narendra,QDH R <na...@bt.com>>
Subject: cxf-codegen-plugin next releases



Hi Apache CXF Dev Team,

Greetings!!

The latest version of cxf-codegen-plugin<https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) have dependency on cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). This cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) have a dependency on commons-text-1.9. The commons-text-1.9 have direct security vulnerability as CVE-2022-42889.

But commons-text-1.10.0 does not have any security vulnerability. Kindly can you let us know if there is any plan and timeline when the next verion of cxf-codegen-plugin will be released which will have transitive dependency on commons-text-1.10.0 ?



[cid:image001.png@01D9003D.3C664280]
        Deb


Thanks and Regards,
Debabrata Deb

Re: cxf-codegen-plugin next releases

Posted by Gary Gregory <ga...@gmail.com>.

You can update the dependency in your own POM or whatever dependency system
you happen to have.

Gary

On Mon, Nov 28, 2022, 10:28 <de...@bt.com.invalid> wrote:

> Hi Apache CXF Dev Team,
>
>
>
> Kindly can you provide an update on my request below ?
>
>
>
> The latest version of cxf-codegen-plugin
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4)
> have dependency on cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4).
> This cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4)
> have a dependency on commons-text-1.9. The commons-text-1.9 have direct
> security vulnerability as *CVE-2022-42889*.
>
>
>
> *But commons-text-1.10.0 does not have any security vulnerability. Kindly
> can you let us know if there is any plan and timeline when the next verion
> of cxf-codegen-plugin will be released which will have transitive
> dependency on commons-text-1.10.0 ?*
>
>
>
>
>
>
>
>         *Deb*
>
>
>
>
>
> *Thanks and Regards,*
>
> *Debabrata Deb*
>
>
>
> *From:* Deb,D,Debabrata,QDB C
> *Sent:* 16 November 2022 18:05
> *To:* 'dev@cxf.apache.org' <de...@cxf.apache.org>
> *Cc:* Nagare,N,Narendra,QDH R <na...@bt.com>
> *Subject:* RE: cxf-codegen-plugin next releases
>
>
>
>
>
>
>
> Hi Apache CXF Dev Team,
>
>
>
> Kindly can you provide an update on my request below ?
>
>
>
>
>
>
>
>         *Deb*
>
>
>
>
>
> *Thanks and Regards,*
>
> *Debabrata Deb*
>
>
>
> *From:* Deb,D,Debabrata,QDB C
> *Sent:* 08 November 2022 21:39
> *To:* dev@cxf.apache.org
> *Cc:* Nagare,N,Narendra,QDH R <na...@bt.com>
> *Subject:* cxf-codegen-plugin next releases
>
>
>
>
>
>
>
> Hi Apache CXF Dev Team,
>
>
>
> Greetings!!
>
>
>
> The latest version of cxf-codegen-plugin
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4)
> have dependency on cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4).
> This cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4)
> have a dependency on commons-text-1.9. The commons-text-1.9 have direct
> security vulnerability as *CVE-2022-42889*.
>
>
>
> *But commons-text-1.10.0 does not have any security vulnerability. Kindly
> can you let us know if there is any plan and timeline when the next verion
> of cxf-codegen-plugin will be released which will have transitive
> dependency on commons-text-1.10.0 ?*
>
>
>
>
>
>
>
>         *Deb*
>
>
>
>
>
> *Thanks and Regards,*
>
> *Debabrata Deb*
>
>
>

Re: cxf-codegen-plugin next releases

Posted by Gary Gregory <ga...@gmail.com>.

You can update the dependency in your own POM or whatever dependency system
you happen to have.

Gary

On Mon, Nov 28, 2022, 10:28 <de...@bt.com.invalid> wrote:

> Hi Apache CXF Dev Team,
>
>
>
> Kindly can you provide an update on my request below ?
>
>
>
> The latest version of cxf-codegen-plugin
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4)
> have dependency on cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4).
> This cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4)
> have a dependency on commons-text-1.9. The commons-text-1.9 have direct
> security vulnerability as *CVE-2022-42889*.
>
>
>
> *But commons-text-1.10.0 does not have any security vulnerability. Kindly
> can you let us know if there is any plan and timeline when the next verion
> of cxf-codegen-plugin will be released which will have transitive
> dependency on commons-text-1.10.0 ?*
>
>
>
>
>
>
>
>         *Deb*
>
>
>
>
>
> *Thanks and Regards,*
>
> *Debabrata Deb*
>
>
>
> *From:* Deb,D,Debabrata,QDB C
> *Sent:* 16 November 2022 18:05
> *To:* 'dev@cxf.apache.org' <de...@cxf.apache.org>
> *Cc:* Nagare,N,Narendra,QDH R <na...@bt.com>
> *Subject:* RE: cxf-codegen-plugin next releases
>
>
>
>
>
>
>
> Hi Apache CXF Dev Team,
>
>
>
> Kindly can you provide an update on my request below ?
>
>
>
>
>
>
>
>         *Deb*
>
>
>
>
>
> *Thanks and Regards,*
>
> *Debabrata Deb*
>
>
>
> *From:* Deb,D,Debabrata,QDB C
> *Sent:* 08 November 2022 21:39
> *To:* dev@cxf.apache.org
> *Cc:* Nagare,N,Narendra,QDH R <na...@bt.com>
> *Subject:* cxf-codegen-plugin next releases
>
>
>
>
>
>
>
> Hi Apache CXF Dev Team,
>
>
>
> Greetings!!
>
>
>
> The latest version of cxf-codegen-plugin
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4)
> have dependency on cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4).
> This cxf-tools-wsdlto-frontend-jaxws
> <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4)
> have a dependency on commons-text-1.9. The commons-text-1.9 have direct
> security vulnerability as *CVE-2022-42889*.
>
>
>
> *But commons-text-1.10.0 does not have any security vulnerability. Kindly
> can you let us know if there is any plan and timeline when the next verion
> of cxf-codegen-plugin will be released which will have transitive
> dependency on commons-text-1.10.0 ?*
>
>
>
>
>
>
>
>         *Deb*
>
>
>
>
>
> *Thanks and Regards,*
>
> *Debabrata Deb*
>
>
>