You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@slider.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/02/24 17:50:18 UTC

[jira] [Commented] (SLIDER-1091) Upgrade test-time dependency on Groovy to 2.4.4

    [ https://issues.apache.org/jira/browse/SLIDER-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15163308#comment-15163308 ] 

Steve Loughran commented on SLIDER-1091:
----------------------------------------

already done in SLIDER-960

> Upgrade test-time dependency on Groovy to 2.4.4
> -----------------------------------------------
>
>                 Key: SLIDER-1091
>                 URL: https://issues.apache.org/jira/browse/SLIDER-1091
>             Project: Slider
>          Issue Type: Bug
>          Components: build, security, test
>    Affects Versions: Slider 0.90.2
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>             Fix For: Slider 0.90.2
>
>
> [CVE-2015-3253|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253] means that the groovy version we use for tests must be considered insecure.
> There is no vulnerability in Slider release: We don't distribute groovy. Nor we do any object serialization, which is the vulnerability. However, we should upgrade anyway



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)