On Wed, Sep 27, 2017 at 7:59 AM, Aleksandar Kurtakov <akurt...@redhat.com> wrote: > On Wed, Sep 27, 2017 at 1:48 PM, Ed Willink <e...@willink.me.uk> wrote: >> I suspect that the inconsistent versions are the problem in both cases. Does >> anyone know what is going on? > > Batik versions prior to 1.9 suffer from > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5662 > (batik-svg.jar) but removing part of batik release will raise more > questions IMHO Orbit should drop all pre 1.9 in Photon stream.
This sounds fine to me. Sorry for the confusion. I'll have them removed for Photon M3. It was simple enough to ask 1.8 be removed as part of introducing 1.9 as it was the same project requesting/using the updated version. Cheers, Roland Grunberg _______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev