gwt-dev is only used during maven build or at least for the code server running on my workstation, this is not necessary.
May be gwt-servlet for old legacy apps thet still use GWT-RPC, but most now use REST service and REST clients. Anyway thanks for your suggestions. Have a nice day Il giorno mercoledì 10 aprile 2019 10:26:00 UTC+2, Hrishikesh Joshi ha scritto: > > GWT 2.8.2: > All > All > > --- > > ##### Description > Security Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are > reported by Dependency checker tool > https://jeremylong.github.io/DependencyCheck/ > > Below are the details - > 1. Gwt-dev.jar - > 1.1 Vulnerable version of jetty library(current version-- > 9.2.14, available ) > 1.2 Vulnerable version of commons-collections(current > version - 3.2.1) > 1.3 Vulnerable version of > org.apache.httpcomponents:httpclient(current version - 4.3.1) > > 2. Gwt-servlet.jar > 1.1 Vulnerable version of Google Protobuf(current version - > 2.5.0, available version - 3.4.0) > > ##### Steps to reproduce > Refer instruction from following web site. > > https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html > > Is community going to update 3rd party library used by GWT to remove these > Vulnerability ? > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
