[
https://issues.apache.org/jira/browse/AVRO-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626130#comment-16626130
]
ASF GitHub Bot commented on AVRO-2228:
--------------------------------------
Fokko opened a new pull request #332: [AVRO-2228] Bump Apache Velocity to 2.0
URL: https://github.com/apache/avro/pull/332
- Remove `Slf4jLogChute` since 2.0 uses SLF4J itself:
https://github.com/apache/velocity-engine#upgrading-from-velocity-17x-to-velocity-20
- Update $velocityHasNext to $foreach.hasNext because of deprecation, Update
$velocityCount to $foreach.count because of deprecation:
https://github.com/apache/velocity-engine#upgrading-from-velocity-16x-to-velocity-17x
- Velocity 2.0 does not depend on apache-common collections anymore which
used to be an old version with known security issues: CVE-2015-6420,
CVE-2017-15708
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Bump Apache Velocity to 2.0
> ---------------------------
>
> Key: AVRO-2228
> URL: https://issues.apache.org/jira/browse/AVRO-2228
> Project: Avro
> Issue Type: Improvement
> Affects Versions: 1.8.2
> Reporter: Fokko Driesprong
> Priority: Major
>
> Apache Velocity 1.7 contains CVE's: CVE-2015-6420, CVE-2017-15708
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
