You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@slider.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/02/24 10:54:18 UTC
[jira] [Updated] (SLIDER-1091) Upgrade test-time dependency on
Groovy to 2.4.4
[ https://issues.apache.org/jira/browse/SLIDER-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steve Loughran updated SLIDER-1091:
-----------------------------------
Summary: Upgrade test-time dependency on Groovy to 2.4.4 (was: Upgrade test-time dependency on Groovy )
> Upgrade test-time dependency on Groovy to 2.4.4
> -----------------------------------------------
>
> Key: SLIDER-1091
> URL: https://issues.apache.org/jira/browse/SLIDER-1091
> Project: Slider
> Issue Type: Bug
> Components: build, security, test
> Affects Versions: Slider 0.90.2
> Reporter: Steve Loughran
> Assignee: Steve Loughran
>
> [CVE-2015-3253|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253] means that the groovy version we use for tests must be considered insecure.
> There is no vulnerability in Slider release: We don't distribute groovy. Nor we do any object serialization, which is the vulnerability. However, we should upgrade anyway
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)