You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tapestry.apache.org by "D Tim Cummings (Jira)" <ji...@apache.org> on 2021/12/14 23:30:00 UTC

[jira] [Commented] (TAP5-2690) Update quickstart to make Spring Boot optional

    [ https://issues.apache.org/jira/browse/TAP5-2690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459564#comment-17459564 ] 

D Tim Cummings commented on TAP5-2690:
--------------------------------------

This quickstart uses log4j 2.14.1 which has the very serious log4shell vulnerability. Please update log4j to at least 2.16.0.

> Update quickstart to make Spring Boot optional
> ----------------------------------------------
>
>                 Key: TAP5-2690
>                 URL: https://issues.apache.org/jira/browse/TAP5-2690
>             Project: Tapestry 5
>          Issue Type: Improvement
>          Components: quickstart
>    Affects Versions: 5.7.3
>            Reporter: picodotdev
>            Assignee: Thiago Henrique De Paula Figueiredo
>            Priority: Minor
>             Fix For: 5.8.0
>
>         Attachments: TAP5-2690.patch, gradlew-appRun.out.txt, gradlew-spring-boot-run.out.txt, mvn-archetype-generate.out.txt, mvn-jetty-run.out.txt, quickstart-screenshot-no-browser.png, quickstart-screenshot.png, tree.out.txt
>
>
> On the update to quickstart https://issues.apache.org/jira/browse/TAP5-2608 the generated app was updated to use Spring Boot.
> Spring Boot is preferred to be optional, use Jetty or Tomcat as default option.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)