You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Shawn McKinney (Jira)" <ji...@apache.org> on 2019/12/10 17:46:00 UTC
[jira] [Commented] (FC-274) Upgrade maven plugins and dependencies
[ https://issues.apache.org/jira/browse/FC-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16992763#comment-16992763 ]
Shawn McKinney commented on FC-274:
-----------------------------------
More changes to core depends:
<!-- This
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>${version.jaxb}</version>
<scope>test</scope>
</dependency>
-->
To:
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-impl</artifactId>
<version>2.3.2</version>
<scope>test</scope>
</dependency>
<!-- and this:
<dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-core</artifactId>
<version>${version.jaxb}</version>
<scope>test</scope>
</dependency>
To:
<!-- https://mvnrepository.com/artifact/org.glassfish.jaxb/jaxb-core -->
<dependency>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-core</artifactId>
<version>2.3.0.1</version>
<scope>test</scope>
</dependency>
> Upgrade maven plugins and dependencies
> ---------------------------------------
>
> Key: FC-274
> URL: https://issues.apache.org/jira/browse/FC-274
> Project: FORTRESS
> Issue Type: Improvement
> Affects Versions: 2.0.3
> Reporter: Shawn McKinney
> Assignee: Shawn McKinney
> Priority: Major
> Fix For: 2.0.4
>
>
> Exclude dom4j from ldap api due to CVE-2018-1000632.
>
> Note, this has been upgraded to proper version in latest api, but fortress is on back level 1.x
>
> <dom4j.version>2.1.1</dom4j.version>
>
> More changes to depends:
> fortress core:
> [INFO] The following dependencies in Dependencies have newer versions:
> [INFO] com.fasterxml.jackson.core:jackson-annotations ....... 2.9.7 -> 2.10.1 *
> [INFO] commons-codec:commons-codec ............................. 1.11 -> 1.13 *
> [INFO] javax:javaee-api ........................................ 8.0 -> 8.0.1 *
> [INFO] javax.ws.rs:javax.ws.rs-api ............................. 2.1 -> 2.1.1 *
> [INFO] org.apache.httpcomponents:httpclient ................. 4.5.6 -> 4.5.10 *
> [INFO] org.apache.httpcomponents:httpcore .................. 4.4.10 -> 4.4.12 *
> [INFO] org.jasypt:jasypt ..................................... 1.9.2 -> 1.9.3 *
> [INFO] org.jgrapht:jgrapht-core .............................. 1.0.0 -> 1.3.1 *
> [INFO] org.slf4j:slf4j-api ........................... 1.7.21 -> 2.0.0-alpha1 * (1.7.29)
> [INFO] org.slf4j:slf4j-log4j12 ....................... 1.7.21 -> 2.0.0-alpha1 * (1.7.29)
>
> also updated plugs for core:
>
> [INFO] maven-assembly-plugin ................................ 3.0.0 -> 3.2.0
> [INFO] maven-clean-plugin ................................... 3.0.0 -> 3.1.0
> [INFO] maven-compiler-plugin ................................ 3.8.0 -> 3.8.1
> [INFO] maven-deploy-plugin ................................. 2.8.2 -> 3.0.0-M1
> [INFO] maven-install-plugin ................................ 2.5.2 -> 3.0.0-M1
> [INFO] maven-jar-plugin ..................................... 3.0.2 -> 3.2.0
> [INFO] maven-site-plugin ...................................... 3.4 -> 3.8.2
> [INFO] maven-source-plugin .................................. 3.0.0 -> 3.2.0
> [INFO] org.owasp:dependency-check-maven ..................... 3.3.4 -> 5.0.0
>
> except for:
> [INFO] maven-surefire-plugin ............................ 2.18.1 -> 3.0.0-M4
>
> which causes the test behavior to change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org