Hi again, any estimation on a resolution?
Best regards Jens On Tuesday, December 4, 2018 at 10:07:40 AM UTC+1, Jens Kordowski wrote: > > Thanks for taking this up! > > Am Dienstag, 27. November 2018 09:43:52 UTC+1 schrieb Jean-Baptiste Onofré: >> >> Thanks for the Jira. I will also take a look later today. >> >> Regards >> JB >> >> Le mar. 27 nov. 2018 à 09:09, Grzegorz Grzybek <[email protected]> a >> écrit : >> >>> Hello >>> >>> I've created https://ops4j1.jira.com/browse/PAXWEB-1188 to track this >>> and assigned to me. I'll try to look at it soon. >>> >>> regards >>> Grzegorz Grzybek >>> >>> pon., 26 lis 2018 o 13:47 Jens Kordowski <[email protected]> >>> napisał(a): >>> >>>> Hi, >>>> >>>> pax-web-jsp pulls in a very old taglibs via >>>> org.apache.geronimo.bundles:jstl:1.2_1. >>>> >>>> There is a known vulnerability listed on >>>> https://nvd.nist.gov/vuln/detail/CVE-2015-0254 which is solved as of >>>> version 1.2.3. >>>> >>>> Any opinions against an update of this library? Do you consider the >>>> unit test coverage high enough to rely on after the update? >>>> >>>> I think there is no 1.2_3 release of org.apache.geronimo.bundles:jstl, >>>> so this means getting this library via another artifact. >>>> >>>> Best regards >>>> Jens >>>> >>>> -- >>>> -- >>>> ------------------ >>>> OPS4J - http://www.ops4j.org - [email protected] >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "OPS4J" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >>> -- >>> ------------------ >>> OPS4J - http://www.ops4j.org - [email protected] >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "OPS4J" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- -- ------------------ OPS4J - http://www.ops4j.org - [email protected] --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
