You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@maven.apache.org by eo...@apache.org on 2019/06/04 12:33:38 UTC

[maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year

This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-archetype.git


The following commit(s) were added to refs/heads/master by this push:
     new fc9a5ff  ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year
fc9a5ff is described below

commit fc9a5ff0efe1b076313b51180ac53d841d430620
Author: Tony Homer <to...@intel.com>
AuthorDate: Fri May 31 11:45:31 2019 -0700

    ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8)
    dom4j 2.1.1 requires Java 8
    dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632
    dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year
    
    Signed-off-by: Tony Homer <to...@intel.com>
---
 Jenkinsfile              | 2 +-
 archetype-common/pom.xml | 2 +-
 pom.xml                  | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index ddbf133..fbaa780 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -17,4 +17,4 @@
  * under the License.
  */
 
-asfMavenTlpPlgnBuild(tmpWs: true)
+asfMavenTlpPlgnBuild(tmpWs: true, jdk:['8','11','12','13'])
diff --git a/archetype-common/pom.xml b/archetype-common/pom.xml
index 84eec1a..f20dacf 100644
--- a/archetype-common/pom.xml
+++ b/archetype-common/pom.xml
@@ -78,7 +78,7 @@
       <version>1.5.5</version>
     </dependency>
     <dependency>
-      <groupId>dom4j</groupId>
+      <groupId>org.dom4j</groupId>
       <artifactId>dom4j</artifactId>
     </dependency>
     <dependency>
diff --git a/pom.xml b/pom.xml
index e72cec7..bf1bb1f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
   <properties>
     <maven.archetype.scm.devConnection>scm:git:https://gitbox.apache.org/repos/asf/maven-archetype.git</maven.archetype.scm.devConnection>
     <mavenVersion>3.0</mavenVersion>
-    <javaVersion>7</javaVersion>
+    <javaVersion>8</javaVersion>
     <netbeans.hint.useExternalMaven>true</netbeans.hint.useExternalMaven>
     <wagonVersion>2.8</wagonVersion>
     <surefire.version>2.21.0</surefire.version>
@@ -193,9 +193,9 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>dom4j</groupId>
+        <groupId>org.dom4j</groupId>
         <artifactId>dom4j</artifactId>
-        <version>1.6.1</version>
+        <version>2.1.1</version>
       </dependency>
       <dependency>
         <groupId>jdom</groupId>