On 23/04/20 11:27, Colm O hEigeartaigh wrote: > Hi Francesco, > > +1, but could we look at updating a few more security vulnerabilities? > > - CVE-2018-8036 could be fixed by updating XML Graphics 2.3 -> 2.4
This can be done both for 2_0_X and 2_1_X as FOP 2.4 retains Java 7 compatibility, as 2_0_X does. > - CVE-2018-10237 could be fixed by updating Guava >= 2.24.x According to https://guava.dev/ we need to use the Android flavor on 2_0_X, because of Java 7 compatibility. Under this condition, we can upgrade all branches to latest Guava 29.0 (which should only required by Swagger UI if I am not mistaking). I'll do the checks and push upgrades. Regards. > On Thu, Apr 23, 2020 at 8:47 AM Francesco Chicchiriccò <[email protected]> > wrote: > >> Hi all, >> resuming this thread after one week: shall we proceed with releases? >> >> Regards. >> >> On 16/04/20 14:17, Andrea Patricelli wrote: >>> Hi all, >>> >>> we are going to develop last improvement that consists in a custom layout >>> for linked account wizard. Thus we would like to wait for this last >>> improvement before the release. >>> >>> Best regards, >>> Andrea >>> >>> Il 14/04/20 11:58, Francesco Chicchiriccò ha scritto: >>>> Hi there, >>>> I think it's about time to start preparing Syncope 2.1.6 / 2.0.15 (several >>>> fixes and improvement, time passed since previous releases, ..). >>>> >>>> If you have any pending change or fix, please either finalize as soon as >>>> possible or let's postpone. >>>> WDYT? >>>> -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
