Re: [DISCUSS] Major changed for 4.x

2023-08-28 Thread Guillaume Nodet
On Mon, 28 Aug 2023 at 08:04, Olivier Lamy wrote: > Hi, > > On Tue, 22 Aug 2023 at 17:36, Guillaume Nodet wrote: > > > > Hi everyone, > > > > I hope you guys have been able to rest a bit during the summer (for those > > that are back to work already)... > > > > I've pushed a few important

CVE-2021-26291 for plugin writers

2023-08-28 Thread Anton Vodonosov
Maven 3.8.1 release notes describe CVE-2021-26291 fixed in that version: https://maven.apache.org/docs/3.8.1/release-notes.html That's the best explanation of this CVE of all I saw online. But it is missing a guide for plugin authors. GitHub's security scanner created this alert for my plugin

Re: How to fix MNG-7855 (dependencies wrongly put on class-path rather than module-path)?

2023-08-28 Thread Martin Desruisseaux
On 28/08/2023 at 14:24, Martin Desruisseaux wrote: Rationale: a direct dependency may be known to be compatible with both the class-path and module-path (e.g. it may duplicate "module-info" into "META-INF/services/"), but maybe some transitive dependencies are not. Another argument for

Re: How to fix MNG-7855 (dependencies wrongly put on class-path rather than module-path)?

2023-08-28 Thread Martin Desruisseaux
On 28/08/2023 at 13:30, Elliotte Rusty Harold wrote: > On Mon, Aug 28, 2023 at 8:49 AM Martin Desruisseaux wrote: >>   * Long term solution would be to change the POM model by expanding the >> section for controlling on an individual basis how to >> handle each dependency. > > How

Re: How to fix MNG-7855 (dependencies wrongly put on class-path rather than module-path)?

2023-08-28 Thread Elliotte Rusty Harold
On Mon, Aug 28, 2023 at 8:49 AM Martin Desruisseaux wrote: > > Hello again > > What about the following proposal for addressing MNG-7855? > > * Long term solution would be to change the POM model by expanding the > section for controlling on an individual basis how to > handle each

Re: How to fix MNG-7855 (dependencies wrongly put on class-path rather than module-path)?

2023-08-28 Thread Martin Desruisseaux
Hello again What about the following proposal for addressing MNG-7855? * Long term solution would be to change the POM model by expanding the section for controlling on an individual basis how to handle each dependency. * Short term solution would be to add a configuration element in

Re: [DISCUSS] Major changed for 4.x

2023-08-28 Thread Olivier Lamy
Hi, On Tue, 22 Aug 2023 at 17:36, Guillaume Nodet wrote: > > Hi everyone, > > I hope you guys have been able to rest a bit during the summer (for those > that are back to work already)... > > I've pushed a few important PRs in the past months and I'd really like to > get the discussion going