You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@groovy.apache.org by "Remko Popma (JIRA)" <ji...@apache.org> on 2019/02/19 12:27:00 UTC

[jira] [Resolved] (GROOVY-9001) Bump picocli to 3.9.5 from 3.9.3

     [ https://issues.apache.org/jira/browse/GROOVY-9001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Remko Popma resolved GROOVY-9001.
---------------------------------
    Resolution: Fixed

Fixed in master and the 2_5_X branch.

> Bump picocli to 3.9.5 from 3.9.3
> --------------------------------
>
>                 Key: GROOVY-9001
>                 URL: https://issues.apache.org/jira/browse/GROOVY-9001
>             Project: Groovy
>          Issue Type: Dependency upgrade
>          Components: command line processing
>    Affects Versions: 2.5.6
>            Reporter: Remko Popma
>            Assignee: Remko Popma
>            Priority: Major
>             Fix For: 2.5.7
>
>
> This upgrade is important: native code included in jansi-1.14 (included in Gradle 4.5.x) seems to have a bug that can crash the JVM.
> (Version details: RHEL 3.10.0-327.44.2.el7.x86_64 on Java 1.8.0_112-b15
> Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)).
> Picocli 3.9.5 will _only_ load jansi classes when running on Windows. Picocli versions  3.9.0 to 3.9.4 may load jansi classes when running on non-Windows platforms and are vulnerable to this problem.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)