You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by "D Tim Cummings (Jira)" <ji...@apache.org> on 2021/12/14 23:30:00 UTC
[jira] [Commented] (TAP5-2690) Update quickstart to make Spring Boot optional
[ https://issues.apache.org/jira/browse/TAP5-2690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459564#comment-17459564 ]
D Tim Cummings commented on TAP5-2690:
--------------------------------------
This quickstart uses log4j 2.14.1 which has the very serious log4shell vulnerability. Please update log4j to at least 2.16.0.
> Update quickstart to make Spring Boot optional
> ----------------------------------------------
>
> Key: TAP5-2690
> URL: https://issues.apache.org/jira/browse/TAP5-2690
> Project: Tapestry 5
> Issue Type: Improvement
> Components: quickstart
> Affects Versions: 5.7.3
> Reporter: picodotdev
> Assignee: Thiago Henrique De Paula Figueiredo
> Priority: Minor
> Fix For: 5.8.0
>
> Attachments: TAP5-2690.patch, gradlew-appRun.out.txt, gradlew-spring-boot-run.out.txt, mvn-archetype-generate.out.txt, mvn-jetty-run.out.txt, quickstart-screenshot-no-browser.png, quickstart-screenshot.png, tree.out.txt
>
>
> On the update to quickstart https://issues.apache.org/jira/browse/TAP5-2608 the generated app was updated to use Spring Boot.
> Spring Boot is preferred to be optional, use Jetty or Tomcat as default option.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)