Posted to dev@avro.apache.org by GitBox <gi...@apache.org> on 2020/06/19 13:00:05 UTC

[GitHub] [avro] RyanSkraba opened a new pull request #919: AVRO-2865: Remove maven 2 support

RyanSkraba opened a new pull request #919:
URL: https://github.com/apache/avro/pull/919


   Make sure you have checked _all_ steps below.
   
   ### Jira
   
   - [X] My PR addresses the following [Avro Jira](https://issues.apache.org/jira/browse/AVRO/) issues and references them in the PR title. For example, "AVRO-1234: My Avro PR"
     - https://issues.apache.org/jira/browse/AVRO-2865
     - In case you are adding a dependency, check if the license complies with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
   
   ### Tests
   
   - [X] My PR adds the following unit tests __OR__ does not need testing for this extremely good reason:
   
   ### Commits
   
   - [X] My commits all reference Jira issues in their subject lines. In addition, my commits follow the guidelines from "[How to write a good git commit message](https://chris.beams.io/posts/git-commit/)":
     1. Subject is separated from body by a blank line
     1. Subject is limited to 50 characters (not including Jira issue reference)
     1. Subject does not end with a period
     1. Subject uses the imperative mood ("add", not "adding")
     1. Body wraps at 72 characters
     1. Body explains "what" and "why", not "how"
   
   ### Documentation
   
   - [ ] In case of new functionality, my PR adds documentation that describes how to use it.
     - All the public functions and the classes in the PR contain Javadoc that explain what it does
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [avro] iemejia merged pull request #919: AVRO-2865: Remove maven 2 support

Posted by GitBox <gi...@apache.org>.
iemejia merged pull request #919:
URL: https://github.com/apache/avro/pull/919


   





[GitHub] [avro] RyanSkraba commented on pull request #919: AVRO-2865: Remove maven 2 support

Posted by GitBox <gi...@apache.org>.
RyanSkraba commented on pull request #919:
URL: https://github.com/apache/avro/pull/919#issuecomment-646633912


   @iemejia What do you think -- is this CVE a reason to wait for 1.10.0 RC2?
   
   On the one hand, the plexus-util jar with the vulnerability will only be on the machine *building* avro specific records, and XML injection could only be done from the pom.xml sitting _right there_ in front of the user running maven...
   
   ... on the other hand, a lot of build machines are CI (jenkins) and automatic/expensive shared resources.





[GitHub] [avro] iemejia commented on pull request #919: AVRO-2865: Remove maven 2 support

Posted by GitBox <gi...@apache.org>.
iemejia commented on pull request #919:
URL: https://github.com/apache/avro/pull/919#issuecomment-646635994


   It makes sense to do an RC2; we should not leave security vulnerabilities exposed. Thanks for the PR @RyanSkraba

