gwt-dev is only used during maven build or at least for the code server running on my workstation, this is not necessary.
May be gwt-servlet for old legacy apps thet still use GWT-RPC, but most now use REST service and REST clients. Anyway thanks for your suggestions. Have a nice day Il giorno mercoledì 10 aprile 2019 10:26:00 UTC+2, Hrishikesh Joshi ha scritto: > > GWT 2.8.2: > All > All > > --- > > ##### Description > Security Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are > reported by Dependency checker tool > https://jeremylong.github.io/DependencyCheck/ > > Below are the details - > 1. Gwt-dev.jar - > 1.1 Vulnerable version of jetty library(current version-- > 9.2.14, available ) > 1.2 Vulnerable version of commons-collections(current > version - 3.2.1) > 1.3 Vulnerable version of > org.apache.httpcomponents:httpclient(current version - 4.3.1) > > 2. Gwt-servlet.jar > 1.1 Vulnerable version of Google Protobuf(current version - > 2.5.0, available version - 3.4.0) > > ##### Steps to reproduce > Refer instruction from following web site. > > https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html > > Is community going to update 3rd party library used by GWT to remove these > Vulnerability ? > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
