Did not find anything with the owasp plugin profile. Should be fine (for now).
Am Mittwoch, den 13.11.2019, 08:25 -0600 schrieb Richard Monson-Haefel: > Excellent! Thanks, Richard! > > On Wed, Nov 13, 2019 at 8:18 AM Zowalla, Richard < > [email protected]> wrote: > > Ok, John did comment in the JIRA, that the upgrades are already > > conducted in previous commits. > > I will run an OWASP scan on the code. If this reveals some more > > vulnerable dependencies, I will report in the JIRA and provide a > > PR, if possible. > > > > Best, > > Richard Z. > > > > Am Mittwoch, den 13.11.2019, 14:08 +0000 schrieb Zowalla, Richard: > > > Alright, I will proceed :) > > > Best,Richard > > > Am Mittwoch, den 13.11.2019, 07:52 -0600 schrieb Richard Monson- > > > Haefel: > > > > If you don't mind, Richard, can you do the upgrades and create > > > > a PR? We can let it run overnight and see how it goes. > > > > I'm not sure as to what the best policy is for announcing the > > > > CVE so that people know to upgrade. I think we should figure > > > > that out after the ci has run. As an alternative you can run > > > > the full test suite on your own machine (takes about an hour or > > > > something like that) and see if you pick up any errors. I did > > > > this yesterday with a different PR but I don't have the extra > > > > cycles to do it again today. > > > > > > > > On Wed, Nov 13, 2019 at 7:07 AM Zowalla, Richard < > > > > [email protected]> wrote: > > > > > Sounds reasonable to me. If I can assist in upgrading, let me > > > > > know. > > > > > > > > > > However, we should publish the link to the ASF CI somewhere, > > > > > so we can better monitor the current build status. > > > > > > > > > > Best, > > > > > Richard Z > > > > > > > > > > Am Mittwoch, den 13.11.2019, 07:00 -0600 schrieb Richard > > > > > Monson-Haefel: > > > > > > Is this a matter of upgrading and testing or is there more > > > > > > to it thanthat? If that's it we can create a PR with the > > > > > > updates and let the asf cirun the tests and look for > > > > > > problems. > > > > > > > > > > > > On Wed, Nov 13, 2019 at 5:58 AM COURTAULT Francois < > > > > > > [email protected]> wrote: > > > > > > Hello, > > > > > > Could you take this JIRA entry ( > > > > > > https://issues.apache.org/jira/browse/TOMEE-2737) into > > > > > > account please ? > > > > > > Best Regard. > > > > > > > > > > > > > > > > > > ________________________________This message and any > > > > > > attachments are intended solely for the addresseesand may > > > > > > contain confidential information. Any unauthorized use > > > > > > ordisclosure, either whole or partial, is prohibited.E- > > > > > > mails are susceptible to alteration. Our company shall not > > > > > > be liable forthe message if altered, changed or falsified. > > > > > > If you are not the intendedrecipient of this message, > > > > > > please delete it and notify the sender.Although all > > > > > > reasonable efforts have been made to keep this > > > > > > transmissionfree from viruses, the sender will not be > > > > > > liable for damages caused by atransmitted virus. > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > > > > > > > -- > > > > > > --
smime.p7s
Description: S/MIME cryptographic signature
