[
https://issues.apache.org/jira/browse/FC-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16992977#comment-16992977
]
Shawn McKinney commented on FC-274:
-----------------------------------
enmasse:
plugins:
[INFO] The following plugin updates are available:
[INFO] maven-compiler-plugin ................................ 3.8.0 -> 3.8.1
[INFO] maven-source-plugin .................................. 3.0.0 -> 3.2.0
[INFO] maven-war-plugin ....................................... 2.4 -> 3.2.3
dependencies:
The following dependencies in Dependencies have newer versions:
[INFO] com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider ...
[INFO] 2.9.7 -> 2.10.1
[INFO] com.sun.xml.bind:jaxb-core .......................... 2.3.0 ->
org.glassfish.jaxb 2.3.0.1
[INFO] com.sun.xml.bind:jaxb-impl ........................ 2.3.0 -> 2.3.2
[INFO] org.apache.cxf:cxf-core ............................... 3.2.6 -> 3.3.4
[INFO] org.apache.cxf:cxf-rt-frontend-jaxrs .................. 3.2.6 -> 3.3.4
[INFO] org.springframework:spring-core ....... 5.0.9.RELEASE -> 5.2.2.RELEASE
[INFO] org.springframework.security:spring-security-web ...
[INFO] 5.0.7.RELEASE -> 5.2.1.RELEASE
> Upgrade maven plugins and dependencies
> ---------------------------------------
>
> Key: FC-274
> URL: https://issues.apache.org/jira/browse/FC-274
> Project: FORTRESS
> Issue Type: Improvement
> Affects Versions: 2.0.3
> Reporter: Shawn McKinney
> Assignee: Shawn McKinney
> Priority: Major
> Fix For: 2.0.4
>
>
> Exclude dom4j from ldap api due to CVE-2018-1000632.
>
> Note, this has been upgraded to proper version in latest api, but fortress is
> on back level 1.x
>
> <dom4j.version>2.1.1</dom4j.version>
>
> More changes to depends:
> fortress core:
> [INFO] The following dependencies in Dependencies have newer versions:
> [INFO] com.fasterxml.jackson.core:jackson-annotations ....... 2.9.7 -> 2.10.1
> *
> [INFO] commons-codec:commons-codec ............................. 1.11 -> 1.13
> *
> [INFO] javax:javaee-api ........................................ 8.0 -> 8.0.1
> *
> [INFO] javax.ws.rs:javax.ws.rs-api ............................. 2.1 -> 2.1.1
> *
> [INFO] org.apache.httpcomponents:httpclient ................. 4.5.6 -> 4.5.10
> *
> [INFO] org.apache.httpcomponents:httpcore .................. 4.4.10 -> 4.4.12
> *
> [INFO] org.jasypt:jasypt ..................................... 1.9.2 -> 1.9.3
> *
> [INFO] org.jgrapht:jgrapht-core .............................. 1.0.0 -> 1.3.1
> *
> [INFO] org.slf4j:slf4j-api ........................... 1.7.21 -> 2.0.0-alpha1
> * (1.7.29)
> [INFO] org.slf4j:slf4j-log4j12 ....................... 1.7.21 -> 2.0.0-alpha1
> * (1.7.29)
>
> also updated plugs for core:
>
> [INFO] maven-assembly-plugin ................................ 3.0.0 -> 3.2.0
> [INFO] maven-clean-plugin ................................... 3.0.0 -> 3.1.0
> [INFO] maven-compiler-plugin ................................ 3.8.0 -> 3.8.1
> [INFO] maven-deploy-plugin ................................. 2.8.2 -> 3.0.0-M1
> [INFO] maven-install-plugin ................................ 2.5.2 -> 3.0.0-M1
> [INFO] maven-jar-plugin ..................................... 3.0.2 -> 3.2.0
> [INFO] maven-site-plugin ...................................... 3.4 -> 3.8.2
> [INFO] maven-source-plugin .................................. 3.0.0 -> 3.2.0
> [INFO] org.owasp:dependency-check-maven ..................... 3.3.4 -> 5.0.0
>
> except for:
> [INFO] maven-surefire-plugin ............................ 2.18.1 -> 3.0.0-M4
>
> which causes the test behavior to change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
