You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2019/06/06 13:45:12 UTC
Releasing 16.11.06 and vulnerable js libs
Hi,
The PMC wants to release the 16.11.06 version "soon" (ASAP actually). For that some points need to be done.
One notably is OFBIZ-10678 "Check embedded Javascript libs vulnerabilities using retire.js"
I had a look today and there are no high vulnerabilities which is good.
There are few medium and low and it would be better to fix them. Notably because 16.11.06 will certainly be our last R16 version.
I expect to work on it but I have other important tasks to do before we can release (removing Gradle and OFBIZ-10427 come to mind) and all help would
be appreciated
TIA
Jacques
Re: Releasing 16.11.06 and vulnerable js libs
Posted by Aditya Sharma <ad...@apache.org>.
Hi Jacques,
I am up for it.
Thanks and Regards
Aditya Sharma
On Thu, Jun 6, 2019, 7:16 PM Jacques Le Roux <ja...@les7arts.com>
wrote:
> Hi,
>
> The PMC wants to release the 16.11.06 version "soon" (ASAP actually). For
> that some points need to be done.
>
> One notably is OFBIZ-10678 "Check embedded Javascript libs vulnerabilities
> using retire.js"
>
> I had a look today and there are no high vulnerabilities which is good.
>
> There are few medium and low and it would be better to fix them. Notably
> because 16.11.06 will certainly be our last R16 version.
>
> I expect to work on it but I have other important tasks to do before we
> can release (removing Gradle and OFBIZ-10427 come to mind) and all help
> would
> be appreciated
>
> TIA
>
> Jacques
>
>