You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@turbine.apache.org by tv...@apache.org on 2019/02/28 09:53:58 UTC
svn commit: r1854514 - in /turbine/core/trunk: pom.xml
src/changes/changes.xml
Author: tv
Date: Thu Feb 28 09:53:58 2019
New Revision: 1854514
URL: http://svn.apache.org/viewvc?rev=1854514&view=rev
Log:
Update jython to jython-standalone 2.7.1
Use log4j-jcl instead of redirection through slf4j
Update dependency-check-maven plugin to 5.0.0-M1 to fix proxy issues
Modified:
turbine/core/trunk/pom.xml
turbine/core/trunk/src/changes/changes.xml
Modified: turbine/core/trunk/pom.xml
URL: http://svn.apache.org/viewvc/turbine/core/trunk/pom.xml?rev=1854514&r1=1854513&r2=1854514&view=diff
==============================================================================
--- turbine/core/trunk/pom.xml (original)
+++ turbine/core/trunk/pom.xml Thu Feb 28 09:53:58 2019
@@ -532,7 +532,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>3.1.2</version><!-- requires mvn version > 3.3! For older version try to check v 3.2.1 or 3.1.2 -->
+ <version>5.0.0-M1</version>
<executions>
<execution>
<goals>
@@ -1061,10 +1061,9 @@
<version>1.1.1</version>
</dependency>
<dependency>
- <!-- TODO update to stable 2.7.1, because of CVE-2016-5699 -->
<groupId>org.python</groupId>
- <artifactId>jython</artifactId>
- <version>2.7.0</version>
+ <artifactId>jython-standalone</artifactId>
+ <version>2.7.1</version>
<optional>true</optional>
</dependency>
<dependency>
@@ -1095,19 +1094,9 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
- <dependency> <!-- redirect JCL to slf4j, Turbine + Avalon do use commons loggers -->
- <groupId>org.slf4j</groupId>
- <artifactId>jcl-over-slf4j</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
- <dependency><!-- delegate slf4j to log4j2, no logback -->
- <groupId>org.apache.logging.log4j</groupId>
- <artifactId>log4j-slf4j-impl</artifactId>
- <version>${log4j2.version}</version>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-jcl</artifactId>
+ <version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
Modified: turbine/core/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/turbine/core/trunk/src/changes/changes.xml?rev=1854514&r1=1854513&r2=1854514&view=diff
==============================================================================
--- turbine/core/trunk/src/changes/changes.xml (original)
+++ turbine/core/trunk/src/changes/changes.xml Thu Feb 28 09:53:58 2019
@@ -25,6 +25,12 @@
<body>
<release version="5.0" date="in Subversion">
+ <action type="update" dev="tv">
+ Update jython to jython-standalone 2.7.1
+ </action>
+ <action type="update" dev="tv">
+ Use log4j-jcl instead of redirection through slf4j
+ </action>
<action type="update" dev="jp">
Update fulcrum component releases:
fulcrum-quartz 1.1.1
@@ -38,7 +44,7 @@
fulcrum-crypto 1.0.8
fulcrum-xslt 1.1.1
</action>
- <action type="update" dev="gk">
+ <action type="update" dev="gk">
Update from log4j to log4j2, redirect JCL to slf4j
</action>
<action type="update" dev="jp">