Easly to update in upcoming releases than explain each other that it isn't critical :)
BTW GWT-RPC user protobuf? Thought about replacing REST with Protobuf but did not find ready to use solution (Java <-> GWT with APT generators). Stas. On Wednesday, April 10, 2019 at 10:28:23 AM UTC+2, [email protected] wrote: > > gwt-dev is only used during maven build or at least for the code server > running on my workstation, this is not necessary. > > May be gwt-servlet for old legacy apps thet still use GWT-RPC, but most > now use REST service and REST clients. > > Anyway thanks for your suggestions. > > Have a nice day > > Il giorno mercoledì 10 aprile 2019 10:26:00 UTC+2, Hrishikesh Joshi ha > scritto: >> >> GWT 2.8.2: >> All >> All >> >> --- >> >> ##### Description >> Security Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are >> reported by Dependency checker tool >> https://jeremylong.github.io/DependencyCheck/ >> >> Below are the details - >> 1. Gwt-dev.jar - >> 1.1 Vulnerable version of jetty library(current version-- >> 9.2.14, available ) >> 1.2 Vulnerable version of commons-collections(current >> version - 3.2.1) >> 1.3 Vulnerable version of >> org.apache.httpcomponents:httpclient(current version - 4.3.1) >> >> 2. Gwt-servlet.jar >> 1.1 Vulnerable version of Google Protobuf(current version >> - 2.5.0, available version - 3.4.0) >> >> ##### Steps to reproduce >> Refer instruction from following web site. >> >> https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html >> >> Is community going to update 3rd party library used by GWT to remove >> these Vulnerability ? >> > -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
