You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Shawn McKinney (Jira)" <ji...@apache.org> on 2019/12/10 16:40:00 UTC

[jira] [Created] (FC-274) Upgrade maven plugins and dependencies

Shawn McKinney created FC-274:
---------------------------------

             Summary: Upgrade maven plugins and dependencies 
                 Key: FC-274
                 URL: https://issues.apache.org/jira/browse/FC-274
             Project: FORTRESS
          Issue Type: Improvement
    Affects Versions: 2.0.3
            Reporter: Shawn McKinney
            Assignee: Shawn McKinney
             Fix For: 2.0.4


Exclude dom4j from ldap api due to CVE-2018-1000632.  

 

Note, this has been upgraded to proper version in latest api, but fortress is on back level 1.x

 

<dom4j.version>2.1.1</dom4j.version>

 

More changes to depends:

fortress core:

[INFO] The following dependencies in Dependencies have newer versions:
[INFO] com.fasterxml.jackson.core:jackson-annotations ....... 2.9.7 -> 2.10.1 *
[INFO] commons-codec:commons-codec ............................. 1.11 -> 1.13 *
[INFO] javax:javaee-api ........................................ 8.0 -> 8.0.1 *
[INFO] javax.ws.rs:javax.ws.rs-api ............................. 2.1 -> 2.1.1 *
[INFO] org.apache.httpcomponents:httpclient ................. 4.5.6 -> 4.5.10 *
[INFO] org.apache.httpcomponents:httpcore .................. 4.4.10 -> 4.4.12 *
[INFO] org.jasypt:jasypt ..................................... 1.9.2 -> 1.9.3 *
[INFO] org.jgrapht:jgrapht-core .............................. 1.0.0 -> 1.3.1 *
[INFO] org.slf4j:slf4j-api ........................... 1.7.21 -> 2.0.0-alpha1 * (1.7.29)
[INFO] org.slf4j:slf4j-log4j12 ....................... 1.7.21 -> 2.0.0-alpha1 * (1.7.29)

 

also updated plugs for core:

 

[INFO] maven-assembly-plugin ................................ 3.0.0 -> 3.2.0
[INFO] maven-clean-plugin ................................... 3.0.0 -> 3.1.0
[INFO] maven-compiler-plugin ................................ 3.8.0 -> 3.8.1
[INFO] maven-deploy-plugin ................................. 2.8.2 -> 3.0.0-M1
[INFO] maven-install-plugin ................................ 2.5.2 -> 3.0.0-M1
[INFO] maven-jar-plugin ..................................... 3.0.2 -> 3.2.0
[INFO] maven-site-plugin ...................................... 3.4 -> 3.8.2
[INFO] maven-source-plugin .................................. 3.0.0 -> 3.2.0
[INFO] org.owasp:dependency-check-maven ..................... 3.3.4 -> 5.0.0

 

except for: 

[INFO] maven-surefire-plugin ............................ 2.18.1 -> 3.0.0-M4

 

which causes the test behavior to change.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org