[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jörg Rade updated ISIS-1635: ---------------------------- Description: org.codehaus.jackson brings in some vulnerabilities: !Dependency-Check.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} <dependency> <groupId>org.jboss.resteasy</groupId> <artifactId>resteasy-jaxb-provider</artifactId> <version>3.1.3.Final</version> </dependency> <dependency> <groupId>org.jboss.resteasy</groupId> <artifactId>resteasy-jackson-provider</artifactId> <version>3.1.3.Final</version> </dependency> {code} was: org.codehaus.jackson brings in some vulnerabilities: !Dependency-Check.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} <dependency> <groupId>org.jboss.resteasy</groupId> <artifactId>resteasy-jaxb-provider</artifactId> <version>3.1.3.Final</version> </dependency> {code} > Upgrade dependency to resteasy > ------------------------------ > > Key: ISIS-1635 > URL: https://issues.apache.org/jira/browse/ISIS-1635 > Project: Isis > Issue Type: Improvement > Components: Core: Viewer: RestfulObjects > Affects Versions: 1.14.0 > Reporter: Jörg Rade > Attachments: Dependency-Check.png > > > org.codehaus.jackson brings in some vulnerabilities: > !Dependency-Check.png|thumbnail! > {code} > [INFO] | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile > [INFO] | | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile > [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile > [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile > [INFO] | | | | | | \- > com.sun.istack:istack-commons-runtime:jar:2.16:compile > [INFO] | | | | | \- > com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile > [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile > [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile > [INFO] | | | | +- > org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile > [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile > {code} > Please upgrade to 3.1.3Final if feasible: > {code} > <dependency> > <groupId>org.jboss.resteasy</groupId> > <artifactId>resteasy-jaxb-provider</artifactId> > <version>3.1.3.Final</version> > </dependency> > <dependency> > <groupId>org.jboss.resteasy</groupId> > <artifactId>resteasy-jackson-provider</artifactId> > <version>3.1.3.Final</version> > </dependency> > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)