Hello I'm in the process of aligning Karaf, pax-web and pax-cdi - I'll have a look this week. For now, target version is 8.0.0, but I'll see if I can backport to 7.2.7 too.
regards Grzegorz Grzybek wt., 15 sty 2019 o 12:29 Jens Kordowski <[email protected]> napisał(a): > Hi again, > > any estimation on a resolution? > > Best regards > Jens > > On Tuesday, December 4, 2018 at 10:07:40 AM UTC+1, Jens Kordowski wrote: >> >> Thanks for taking this up! >> >> Am Dienstag, 27. November 2018 09:43:52 UTC+1 schrieb Jean-Baptiste >> Onofré: >>> >>> Thanks for the Jira. I will also take a look later today. >>> >>> Regards >>> JB >>> >>> Le mar. 27 nov. 2018 à 09:09, Grzegorz Grzybek <[email protected]> a >>> écrit : >>> >>>> Hello >>>> >>>> I've created https://ops4j1.jira.com/browse/PAXWEB-1188 to track this >>>> and assigned to me. I'll try to look at it soon. >>>> >>>> regards >>>> Grzegorz Grzybek >>>> >>>> pon., 26 lis 2018 o 13:47 Jens Kordowski <[email protected]> >>>> napisał(a): >>>> >>>>> Hi, >>>>> >>>>> pax-web-jsp pulls in a very old taglibs via >>>>> org.apache.geronimo.bundles:jstl:1.2_1. >>>>> >>>>> There is a known vulnerability listed on >>>>> https://nvd.nist.gov/vuln/detail/CVE-2015-0254 which is solved as of >>>>> version 1.2.3. >>>>> >>>>> Any opinions against an update of this library? Do you consider the >>>>> unit test coverage high enough to rely on after the update? >>>>> >>>>> I think there is no 1.2_3 release of org.apache.geronimo.bundles:jstl, >>>>> so this means getting this library via another artifact. >>>>> >>>>> Best regards >>>>> Jens >>>>> >>>>> -- >>>>> -- >>>>> ------------------ >>>>> OPS4J - http://www.ops4j.org - [email protected] >>>>> >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "OPS4J" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>>> -- >>>> ------------------ >>>> OPS4J - http://www.ops4j.org - [email protected] >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "OPS4J" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- > -- > ------------------ > OPS4J - http://www.ops4j.org - [email protected] > > --- > You received this message because you are subscribed to the Google Groups > "OPS4J" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- ------------------ OPS4J - http://www.ops4j.org - [email protected] --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
