Thanks for the Jira. I will also take a look later today. Regards JB
Le mar. 27 nov. 2018 à 09:09, Grzegorz Grzybek <[email protected]> a écrit : > Hello > > I've created https://ops4j1.jira.com/browse/PAXWEB-1188 to track this and > assigned to me. I'll try to look at it soon. > > regards > Grzegorz Grzybek > > pon., 26 lis 2018 o 13:47 Jens Kordowski <[email protected]> > napisał(a): > >> Hi, >> >> pax-web-jsp pulls in a very old taglibs via >> org.apache.geronimo.bundles:jstl:1.2_1. >> >> There is a known vulnerability listed on >> https://nvd.nist.gov/vuln/detail/CVE-2015-0254 which is solved as of >> version 1.2.3. >> >> Any opinions against an update of this library? Do you consider the unit >> test coverage high enough to rely on after the update? >> >> I think there is no 1.2_3 release of org.apache.geronimo.bundles:jstl, so >> this means getting this library via another artifact. >> >> Best regards >> Jens >> >> -- >> -- >> ------------------ >> OPS4J - http://www.ops4j.org - [email protected] >> >> --- >> You received this message because you are subscribed to the Google Groups >> "OPS4J" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > -- > ------------------ > OPS4J - http://www.ops4j.org - [email protected] > > --- > You received this message because you are subscribed to the Google Groups > "OPS4J" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- ------------------ OPS4J - http://www.ops4j.org - [email protected] --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
