[
https://issues.apache.org/jira/browse/PDFBOX-4281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tilman Hausherr updated PDFBOX-4281:
------------------------------------
Description:
I tried this new plugin
https://sonatype.github.io/ossindex-maven/maven-plugin/
and found that our dependency Apache Wink depends on a Spring version with a
vulnerability. We use Apache Wink to create a mock http server. Apache Wink has
been retired. However we need only a single class so I'll add that one. (I also
tried to find other mock http servers, one had issues, another needed a
com.sun.* class, another was too complex).
was:I tried this new plugin and found that our dependency Apache Wink depends
on a Spring version with a vulnerability. We use Apache Wink to create a mock
http server. Apache Wink has been retired. However we need only a single class
so I'll add that one. (I also tried to find other mock http servers, one had
issues, another needed a com.sun.* class, another was too complex).
> Replace Apache Wink dependency
> ------------------------------
>
> Key: PDFBOX-4281
> URL: https://issues.apache.org/jira/browse/PDFBOX-4281
> Project: PDFBox
> Issue Type: Task
> Components: Signing
> Affects Versions: 2.0.11
> Reporter: Tilman Hausherr
> Assignee: Tilman Hausherr
> Priority: Major
> Fix For: 2.0.12, 3.0.0 PDFBox
>
>
> I tried this new plugin
> https://sonatype.github.io/ossindex-maven/maven-plugin/
> and found that our dependency Apache Wink depends on a Spring version with a
> vulnerability. We use Apache Wink to create a mock http server. Apache Wink
> has been retired. However we need only a single class so I'll add that one.
> (I also tried to find other mock http servers, one had issues, another needed
> a com.sun.* class, another was too complex).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
