This is an automated email from the ASF dual-hosted git repository. gk pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/turbine-core.git
commit 69c165d69233ebce8c056b79c5039b94fba6df0b Author: Georg Kallidis <[email protected]> AuthorDate: Wed Dec 20 13:44:51 2023 +0100 Update jackson to v.2.15.3, suppress CVE-2021-37533 commons-net 3.9.0 for (some) dependencies, update feature information. --- pom.xml | 2 +- suppression-owasp-fp.xml | 28 ++++++++++++++++++++++++++++ xdocs/features.xml | 2 +- xdocs/how-to-build.xml | 3 +++ xdocs/index.xml | 7 +++++-- 5 files changed, 38 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 121cd1d5..6e54b03b 100644 --- a/pom.xml +++ b/pom.xml @@ -1313,7 +1313,7 @@ <fulcrum.security>3.0.0</fulcrum.security> <fulcrum.yaafi>2.0.0</fulcrum.yaafi> <torque.version>5.1</torque.version> - <jackson2.version>2.15.2</jackson2.version> + <jackson2.version>2.15.3</jackson2.version> <doclint>none</doclint> <docker.testcontainers.version>1.18.3</docker.testcontainers.version> <jacoco.skip>true</jacoco.skip> diff --git a/suppression-owasp-fp.xml b/suppression-owasp-fp.xml index 2703792f..05d60c4a 100644 --- a/suppression-owasp-fp.xml +++ b/suppression-owasp-fp.xml @@ -75,5 +75,33 @@ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> <cve>CVE-2020-8908</cve> </suppress> +<suppress> + <notes><![CDATA[ + file name: commons-configuration2-2.8.0.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/org\.apache\.commons/commons\-configuration2@.*$</packageUrl> + <cve>CVE-2021-37533</cve> +</suppress> +<suppress> + <notes><![CDATA[ + file name: commons-email-1.5.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/org\.apache\.commons/commons\-email@.*$</packageUrl> + <cve>CVE-2021-37533</cve> +</suppress> +<suppress> + <notes><![CDATA[ + file name: commons-beanutils-1.9.4.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/commons\-beanutils/commons\-beanutils@.*$</packageUrl> + <cve>CVE-2021-37533</cve> +</suppress> +<suppress> + <notes><![CDATA[ + file name: angus-activation-2.0.1.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/org\.eclipse\.angus/angus\-activation@.*$</packageUrl> + <cve>CVE-2023-4218</cve> +</suppress> </suppressions> \ No newline at end of file diff --git a/xdocs/features.xml b/xdocs/features.xml index d4564555..f1252615 100644 --- a/xdocs/features.xml +++ b/xdocs/features.xml @@ -108,7 +108,7 @@ contributed</a> to Turbine over the last 10+ years.</strong> <li> Turbine Servlet works cleanly with Servlet API 2.4 and higher</li> <li> - Works with JDK 1.8 and higher - 100% Pure Java</li> + Version 5.1 requires JDK 1.8 and higher, Version 5.2 and above requires Java 11 and higher - 100% Pure Java</li> </ul> </section> diff --git a/xdocs/how-to-build.xml b/xdocs/how-to-build.xml index 3d6c2578..220f93e4 100644 --- a/xdocs/how-to-build.xml +++ b/xdocs/how-to-build.xml @@ -28,6 +28,9 @@ <section name="How to build Turbine"> +<p> + First, check Java version is Java 11 or above. +</p> <p> Turbine is built using the <a href="http://maven.apache.org/";>Maven</a> build tool. So to get started you should download and install Maven. diff --git a/xdocs/index.xml b/xdocs/index.xml index bfe39c51..61d4f180 100644 --- a/xdocs/index.xml +++ b/xdocs/index.xml @@ -180,12 +180,15 @@ the current Turbine code. repository</a></li> <li> You can also access the archived (since 2021) <a href="https://svn.apache.org/viewvc/turbine/core/trunk/";>Turbine SVN - repository</a></li> + repository (read only)</a></li> <li> You can access the <a href="https://github.com/apache/turbine-archetypes/";>Turbine Archetype Git (rw) repository</a></li> - + <li> + You can access the <a href="https://github.com/apache/turbine-build/";>Turbine Git build environment repository</a>. + This is a GIT modules structure, which should help to manage all Turbine components in one place. + </li> <li> You can find more about the Turbine Ecosystem on <a href="https://gitbox.apache.org/repos/asf#turbine";> gitbox.apache.org (rw) </a> or on <a href="https://github.com/orgs/apache/repositories?language=&q=turbine&sort=&type="; target="_new">Github</a> </li>
