Hi,

pax-web-jsp pulls in a very old taglibs via 
org.apache.geronimo.bundles:jstl:1.2_1.

There is a known vulnerability listed on 
https://nvd.nist.gov/vuln/detail/CVE-2015-0254 which is solved as of 
version 1.2.3.

Any opinions against an update of this library? Do you consider the unit 
test coverage high enough to rely on after the update?

I think there is no 1.2_3 release of org.apache.geronimo.bundles:jstl, so 
this means getting this library via another artifact.

Best regards
Jens
