Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2020/02/02 23:41:00 UTC
[jira] [Commented] (MINDEXER-120) Remove TrueZip dependency
[ https://issues.apache.org/jira/browse/MINDEXER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028602#comment-17028602 ]
Sylwester Lachiewicz commented on MINDEXER-120:
-----------------------------------------------
Done in [83520cf9ce298d1ec9af66cf17e9c55ffddd26fb|https://gitbox.apache.org/repos/asf?p=maven-indexer.git;a=commit;h=83520cf9ce298d1ec9af66cf17e9c55ffddd26fb]
> Remove TrueZip dependency
> -------------------------
>
> Key: MINDEXER-120
> URL: https://issues.apache.org/jira/browse/MINDEXER-120
> Project: Maven Indexer
> Issue Type: Improvement
> Reporter: Sylwester Lachiewicz
> Assignee: Sylwester Lachiewicz
> Priority: Major
> Fix For: 6.0.1
>
>
> Starting from Java 7 b55 [4681995|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4681995] we have support for big zip files (ZIP64) in core Java.
> Removing TrueZip would also remove the dependency on the potentially vulnerable dependencies org.bouncycastle:bcprov-jdk15on and org.apache.commons:commons-compress:
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32368]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32366]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32361]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32362]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32340]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32364]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32473]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-72275]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32367]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32363]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-173771]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32365]
>
> Credits to: [https://snyk.io/]