[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jörg Rade updated ISIS-1635:
----------------------------
    Description: 
org.codehaus.jackson brings in some vulnerabilities:
!Dependency-Check.png|thumbnail!
{code}
[INFO] |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] |  |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] |  |  |  +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] |  |  |  |  |  +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] |  |  |  |  |  |  +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] |  |  |  |  |  |  \- com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] |  |  |  |  |  \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] |  |  |  |  |     \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] |  |  |  |  \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] |  |  |  +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] |  |  |  |  \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}

Please upgrade to 3.1.3.Final if feasible:
{code}
<dependency>
    <groupId>org.jboss.resteasy</groupId>
    <artifactId>resteasy-jaxb-provider</artifactId>
    <version>3.1.3.Final</version>
</dependency>
<dependency>
    <groupId>org.jboss.resteasy</groupId>
    <artifactId>resteasy-jackson-provider</artifactId>
    <version>3.1.3.Final</version>
</dependency>

{code}

  was:
org.codehaus.jackson brings in some vulnerabilities:
!Dependency-Check.png|thumbnail!
{code}
[INFO] |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] |  |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] |  |  |  +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] |  |  |  |  |  +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] |  |  |  |  |  |  +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] |  |  |  |  |  |  \- com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] |  |  |  |  |  \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] |  |  |  |  |     \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] |  |  |  |  \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] |  |  |  +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] |  |  |  |  \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}

Please upgrade to 3.1.3.Final if feasible:
{code}
<dependency>
    <groupId>org.jboss.resteasy</groupId>
    <artifactId>resteasy-jaxb-provider</artifactId>
    <version>3.1.3.Final</version>
</dependency>
{code}


> Upgrade dependency to resteasy
> ------------------------------
>
>                 Key: ISIS-1635
>                 URL: https://issues.apache.org/jira/browse/ISIS-1635
>             Project: Isis
>          Issue Type: Improvement
>          Components: Core: Viewer: RestfulObjects
>    Affects Versions: 1.14.0
>            Reporter: Jörg Rade
>         Attachments: Dependency-Check.png
>
>
> org.codehaus.jackson brings in some vulnerabilities:
> !Dependency-Check.png|thumbnail!
> {code}
> [INFO] |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
> [INFO] |  |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
> [INFO] |  |  |  +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
> [INFO] |  |  |  |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
> [INFO] |  |  |  |  |  +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
> [INFO] |  |  |  |  |  |  +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
> [INFO] |  |  |  |  |  |  \- com.sun.istack:istack-commons-runtime:jar:2.16:compile
> [INFO] |  |  |  |  |  \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
> [INFO] |  |  |  |  |     \- javax.xml.bind:jsr173_api:jar:1.0:compile
> [INFO] |  |  |  |  \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
> [INFO] |  |  |  +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
> [INFO] |  |  |  |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
> [INFO] |  |  |  |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
> [INFO] |  |  |  |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
> [INFO] |  |  |  |  \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
> {code}
> Please upgrade to 3.1.3.Final if feasible:
> {code}
> <dependency>
>     <groupId>org.jboss.resteasy</groupId>
>     <artifactId>resteasy-jaxb-provider</artifactId>
>     <version>3.1.3.Final</version>
> </dependency>
> <dependency>
>     <groupId>org.jboss.resteasy</groupId>
>     <artifactId>resteasy-jackson-provider</artifactId>
>     <version>3.1.3.Final</version>
> </dependency>
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
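
Added example, not part of the original issue or the Isis code base: a small parser for `mvn dependency:tree` output that reports the chain through which each `org.codehaus.jackson` artifact is pulled in, including coordinates that mail wrapping pushed onto the next line. The function names are hypothetical and the sample is an excerpt constructed from the tree quoted above.

```python
import re

# Constructed sample: excerpt of the tree quoted in the issue, with one
# coordinate wrapped onto its own line the way the mail archive shows it.
SAMPLE_TREE = r"""
[INFO] |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] |  |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] |  |  |  +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] |  |  |  |  \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] |  |  |  +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] |  |  |  |  \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
"""

# Each nesting level is three characters ("|  " or "   ") before "+- " or "\- ".
NODE = re.compile(r"^\[INFO\] (?P<indent>(?:[| ]  )*)[+\\]- ?(?P<gav>\S*)\s*$")

def parse_tree(text):
    """Return (depth, coordinate) pairs, rejoining wrapped coordinates."""
    nodes, pending = [], None  # pending: depth of a marker line with no coordinate
    for line in text.splitlines():
        m = NODE.match(line)
        if m:
            depth = len(m.group("indent")) // 3
            if m.group("gav"):
                nodes.append((depth, m.group("gav")))
                pending = None
            else:
                pending = depth
        elif pending is not None and line.strip():
            nodes.append((pending, line.strip()))
            pending = None
    return nodes

def paths_to(nodes, group_id):
    """Return the ancestor chain of every artifact with the given groupId."""
    stack, hits = [], []
    for depth, gav in nodes:
        while stack and stack[-1][0] >= depth:  # leave finished subtrees
            stack.pop()
        stack.append((depth, gav))
        if gav.startswith(group_id + ":"):
            hits.append([g for _, g in stack])
    return hits

def introduced_by(hits):
    """Direct parents of the flagged artifacts: candidates to upgrade or exclude."""
    return sorted({path[-2] for path in hits if len(path) > 1})
```

Calling `introduced_by(paths_to(parse_tree(SAMPLE_TREE), "org.codehaus.jackson"))` names `resteasy-jackson-provider` as the only direct parent, which matches the dependency the issue asks to upgrade.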
