Releasing 16.11.06 and vulnerable js libs

[Jacques Le Roux <ja...@les7arts.com>]

Hi,

The PMC wants to release the 16.11.06 version "soon" (ASAP actually). For that some points need to be done.

One notably is OFBIZ-10678 "Check embedded Javascript libs vulnerabilities using retire.js"

I had a look today and there are no high vulnerabilities which is good.

There are few medium and low and it would be better to fix them. Notably because 16.11.06 will certainly be our last R16 version.

I expect to work on it but I have other important tasks to do before we can release (removing Gradle and OFBIZ-10427 come to mind) and all help would 
be appreciated

TIA

Jacques

Re: Releasing 16.11.06 and vulnerable js libs

[Aditya Sharma <ad...@apache.org>]

Hi Jacques,

I am up for it.

Thanks and Regards
Aditya Sharma

On Thu, Jun 6, 2019, 7:16 PM Jacques Le Roux <ja...@les7arts.com>
wrote:

> Hi,
>
> The PMC wants to release the 16.11.06 version "soon" (ASAP actually). For
> that some points need to be done.
>
> One notably is OFBIZ-10678 "Check embedded Javascript libs vulnerabilities
> using retire.js"
>
> I had a look today and there are no high vulnerabilities which is good.
>
> There are few medium and low and it would be better to fix them. Notably
> because 16.11.06 will certainly be our last R16 version.
>
> I expect to work on it but I have other important tasks to do before we
> can release (removing Gradle and OFBIZ-10427 come to mind) and all help
> would
> be appreciated
>
> TIA
>
> Jacques
>
>