Ok, John did comment in the JIRA, that the upgrades are already conducted in previous commits.I will run an OWASP scan on the code. If this reveals some more vulnerable dependencies, I will report in the JIRA and provide a PR, if possible. Best,Richard Z. Am Mittwoch, den 13.11.2019, 14:08 +0000 schrieb Zowalla, Richard: > Alright, I will proceed :) > Best,Richard > Am Mittwoch, den 13.11.2019, 07:52 -0600 schrieb Richard Monson- > Haefel: > > If you don't mind, Richard, can you do the upgrades and create a > > PR? We can let it run overnight and see how it goes. > > I'm not sure as to what the best policy is for announcing the CVE > > so that people know to upgrade. I think we should figure that out > > after the ci has run. As an alternative you can run the full test > > suite on your own machine (takes about an hour or something like > > that) and see if you pick up any errors. I did this yesterday with > > a different PR but I don't have the extra cycles to do it again > > today. > > > > On Wed, Nov 13, 2019 at 7:07 AM Zowalla, Richard < > > richard.zowa...@hs-heilbronn.de> wrote: > > > Sounds reasonable to me. If I can assist in upgrading, let me > > > know. > > > > > > However, we should publish the link to the ASF CI somewhere, so > > > we can better monitor the current build status. > > > > > > Best, > > > Richard Z > > > > > > Am Mittwoch, den 13.11.2019, 07:00 -0600 schrieb Richard Monson- > > > Haefel: > > > > Is this a matter of upgrading and testing or is there more to > > > > it thanthat? If that's it we can create a PR with the updates > > > > and let the asf cirun the tests and look for problems. > > > > > > > > On Wed, Nov 13, 2019 at 5:58 AM COURTAULT Francois < > > > > francois.courta...@thalesgroup.com> wrote: > > > > Hello, > > > > Could you take this JIRA entry ( > > > > https://issues.apache.org/jira/browse/TOMEE-2737) into account > > > > please ? > > > > Best Regard. > > > > > > > > > > > > ________________________________This message and any > > > > attachments are intended solely for the addresseesand may > > > > contain confidential information. Any unauthorized use > > > > ordisclosure, either whole or partial, is prohibited.E-mails > > > > are susceptible to alteration. Our company shall not be liable > > > > forthe message if altered, changed or falsified. If you are not > > > > the intendedrecipient of this message, please delete it and > > > > notify the sender.Although all reasonable efforts have been > > > > made to keep this transmissionfree from viruses, the sender > > > > will not be liable for damages caused by atransmitted virus. > > > > > > > > > > > > > > > -- > > > Richard Zowalla, M.Sc.Research Associate, PhD Student | Medical > > > Informatics > > > > > > > > > Hochschule Heilbronn – University of Applied SciencesMax-Planck- > > > Str. 39 D-74081 Heilbronn phone: +49 7131 504 6791mail: > > > richard.zowalla@hs-heilbronn.deweb: > > > http://www.mi.hs-heilbronn.de/ > > > > -- Richard Zowalla, M.Sc.Research Associate, PhD Student | Medical Informatics
Hochschule Heilbronn – University of Applied SciencesMax-Planck-Str. 39 D-74081 Heilbronn phone: +49 7131 504 6791mail: richard.zowalla@hs-heilbronn.deweb: http://www.mi.hs-heilbronn.de/
smime.p7s
Description: S/MIME cryptographic signature