[jira] [Commented] (OMID-252) Analyse and fix possible vulnerabilities for 1.1.1 release

Fri, 20 Oct 2023 10:00:45 -0700 


    [ 
https://issues.apache.org/jira/browse/OMID-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17777872#comment-17777872
 ] 

Nihal Jain commented on OMID-252:
---------------------------------

Created the Jira for same. Also had identified changes for following maven 
plugins
{code:java}
     <!-- Maven Plugin Versioning -->
-        <maven-assembly-plugin-version>3.1.1</maven-assembly-plugin-version>
+        <maven-assembly-plugin-version>3.6.0</maven-assembly-plugin-version>
         <maven-coveralls-plugin.version>4.1.0</maven-coveralls-plugin.version>
         <maven-cobertura-plugin.version>2.7</maven-cobertura-plugin.version>
         <maven-license-plugin.version>4.3</maven-license-plugin.version>
-        <maven-pmd-plugin.version>3.4</maven-pmd-plugin.version>
-        <maven-checkstyle-plugin.version>2.17</maven-checkstyle-plugin.version>
-        <maven-jxr-plugin.version>2.3</maven-jxr-plugin.version>
-        
<maven-findbugs-maven-plugin.version>3.0.1</maven-findbugs-maven-plugin.version>
-        <maven-owasp-plugin.version>6.5.3</maven-owasp-plugin.version>
-        <surefire.version>3.0.0</surefire.version>
+        <maven-pmd-plugin.version>3.21.0</maven-pmd-plugin.version>
+        
<maven-checkstyle-plugin.version>3.3.0</maven-checkstyle-plugin.version>
+        <maven-jxr-plugin.version>3.3.0</maven-jxr-plugin.version>
+        
<maven-findbugs-maven-plugin.version>3.0.5</maven-findbugs-maven-plugin.version>
+        <maven-owasp-plugin.version>8.4.0</maven-owasp-plugin.version>
         <!-- Code coverage properties -->
-        <maven-clover-plugin.version>4.4.1</maven-clover-plugin.version>
-        <maven-sonar-plugin.version>3.9.1.2184</maven-sonar-plugin.version>
+        <maven-clover-plugin.version>4.5.0</maven-clover-plugin.version>
+        <maven-sonar-plugin.version>3.10.0.2594</maven-sonar-plugin.version> 
{code}
Will create a Jira for bumping them as well. May be outside this ticket or 
should I keep them here itself?

 

> Analyse and fix possible vulnerabilities for 1.1.1 release
> ----------------------------------------------------------
>
>                 Key: OMID-252
>                 URL: https://issues.apache.org/jira/browse/OMID-252
>             Project: Phoenix Omid
>          Issue Type: Task
>            Reporter: Nihal Jain
>            Assignee: Nihal Jain
>            Priority: Major
>
> Here will try and analysis any vulnerabilities which can be fixed before 
> 1.1.1 release. Will create sub tasks as i identiffy them!
> CC: [~stoty] [~rajeshbabu] [~vjasani] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to