Hey Jacques,

I had a quick look at the PR and I think we have no reason to push it on trunk, we create the 24.09 for that :)

Nicolas

On 11/10/2024 at 10:24, Jacques Le Roux wrote:
Hi,

3 months ago Danny Trunk created https://issues.apache.org/jira/browse/OFBIZ-13123

These are interesting PRs about security with transitive dependencies.

So far we did not merge it because of Michael's reasonable concerns (see https://github.com/apache/ofbiz-framework/pull/819)

The framework part begins to have conflicts to resolve... simple for now....

I hope to soon update Freemarker to 2.3.34
see
https://issues.apache.org/jira/browse/OFBIZ-13131
and
https://lists.apache.org/thread/mczcsc04hl83spkdt66y25z2nqsgyz51

I'm also concerned about https://www.cve.org/CVERecord?id=CVE-2024-47554

What do you think about all that?

TIA
