2022/06/04 15:47, Julien Lepiller: > So I figured I could fix java-plexus-component-metadata that we use to > generate some xml files during the build of maven. jdom is one of its > inputs. Adding another jdom to the native inputs would probably not fix > the issue.
Reverting the jdom upgrade patch, I did get mave-core to build. I admit I did not try running it. My interest in maven is as a dependency to clojure-tools, I don't really know how to test maven is actually working by itself. > What I did instead is, since jdom wants to set more features than > supported in the driver, to add dummy support for all these additional > features by just not throwing the exception. It's not very satisfying, > but it works and we don't keep a vulnerable jdom around. With the > attached patch, I built up to maven. Smart! I look forward to seeing your patch land in the main branch. Cheers, Remco
