You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2020/02/02 23:41:00 UTC

[jira] [Commented] (MINDEXER-120) Remove TrueZip dependency

    [ https://issues.apache.org/jira/browse/MINDEXER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028602#comment-17028602 ] 

Sylwester Lachiewicz commented on MINDEXER-120:
-----------------------------------------------

Done in [83520cf9ce298d1ec9af66cf17e9c55ffddd26fb|https://gitbox.apache.org/repos/asf?p=maven-indexer.git;a=commit;h=83520cf9ce298d1ec9af66cf17e9c55ffddd26fb]

> Remove TrueZip dependency
> -------------------------
>
>                 Key: MINDEXER-120
>                 URL: https://issues.apache.org/jira/browse/MINDEXER-120
>             Project: Maven Indexer
>          Issue Type: Improvement
>            Reporter: Sylwester Lachiewicz
>            Assignee: Sylwester Lachiewicz
>            Priority: Major
>             Fix For: 6.0.1
>
>
> Starting from Java 7 b55 [4681995|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4681995] we have support for big zip files (ZIP64) in core java.
> Removing TrueZip would also remove dependency to potentially vulnerable dependencies org.bouncycastle:bcprov-jdk15on and org.apache.commons:commons-compress
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32368]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32366]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32361]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32362]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32340]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32364]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32473]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-72275]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32367]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32363]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-173771]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32365]
>  
> Credits to: [https://snyk.io/]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)