Am 12.07.2021 um 11:16 schrieb Andrei Dulceanu:
Hi Julian,
For the time being I think OAK-9451, OAK-9473 and OAK-9401 are sufficient.
We can include in a later release the other candidates. Speaking of this,
what's the situation with OAK-9038? Does it need to be backported on this
branch?
I do not recall to be honest. The fix was needed in trunk, so I would
assume it should be backported.
When it comes to dependencies for
https://nvd.nist.gov/vuln/detail/CVE-2020-25649, I saw there's already a PR
for updating netty. Is there something else which think is mandatory to go
inside now?
I would need to check (try "mvn
org.owasp:dependency-check-maven:6.0.0:aggregate").
I don't want to rush this release, but don't want to stall it either...
Ideally I'd cut it tomorrow or Wednesday, 14th of July.
Ack.
Best regards, Julian
