Great, thanks a lot! Jens On Wednesday, January 16, 2019 at 7:08:59 PM UTC+1, Grzegorz Grzybek wrote: > > Hello > > I've just fixed https://ops4j1.jira.com/browse/PAXWEB-1188 > > It wasn't easy to find replacement for > org.apache.geronimo.bundles:jstl:1.2_1... > > Usually I prefer "official" bundles and first choice was set of > org.apache.taglibs:taglibs-standard-*:1.2.5 artifacts. > But I compared the content and there was missing > org.apache.taglibs.standard.extra.spath package (no idea why...) > > Then I found org.glassfish.web:javax.servlet.jsp.jstl:1.2.5 but it > contained com.oracle.wls.shaded which I was reluctant to use. > > So I found > org.jboss.spec.javax.servlet.jstl:jboss-jstl-api_1.2_spec:1.1.4.Final which > is based on Apache taglibs 1.2.5 (check its > org.apache.taglibs.standard.Version class). > > All tests pass, and I'm ready to release pax-web 7.2.7, but we're going to > fix https://ops4j1.jira.com/browse/PAXWEB-1189 (GzipHandler in Jetty). > > regards > Grzegorz Grzybek > > wt., 15 sty 2019 o 13:26 Grzegorz Grzybek <[email protected] > <javascript:>> napisał(a): > >> Hello >> >> I'm in the process of aligning Karaf, pax-web and pax-cdi - I'll have a >> look this week. For now, target version is 8.0.0, but I'll see if I can >> backport to 7.2.7 too. >> >> regards >> Grzegorz Grzybek >> >> wt., 15 sty 2019 o 12:29 Jens Kordowski <[email protected] <javascript:>> >> napisał(a): >> >>> Hi again, >>> >>> any estimation on a resolution? >>> >>> Best regards >>> Jens >>> >>> On Tuesday, December 4, 2018 at 10:07:40 AM UTC+1, Jens Kordowski wrote: >>>> >>>> Thanks for taking this up! >>>> >>>> Am Dienstag, 27. November 2018 09:43:52 UTC+1 schrieb Jean-Baptiste >>>> Onofré: >>>>> >>>>> Thanks for the Jira. I will also take a look later today. >>>>> >>>>> Regards >>>>> JB >>>>> >>>>> Le mar. 27 nov. 2018 à 09:09, Grzegorz Grzybek <[email protected]> a >>>>> écrit : >>>>> >>>>>> Hello >>>>>> >>>>>> I've created https://ops4j1.jira.com/browse/PAXWEB-1188 to track >>>>>> this and assigned to me. I'll try to look at it soon. >>>>>> >>>>>> regards >>>>>> Grzegorz Grzybek >>>>>> >>>>>> pon., 26 lis 2018 o 13:47 Jens Kordowski <[email protected]> >>>>>> napisał(a): >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> pax-web-jsp pulls in a very old taglibs via >>>>>>> org.apache.geronimo.bundles:jstl:1.2_1. >>>>>>> >>>>>>> There is a known vulnerability listed on >>>>>>> https://nvd.nist.gov/vuln/detail/CVE-2015-0254 which is solved as >>>>>>> of version 1.2.3. >>>>>>> >>>>>>> Any opinions against an update of this library? Do you consider the >>>>>>> unit test coverage high enough to rely on after the update? >>>>>>> >>>>>>> I think there is no 1.2_3 release of >>>>>>> org.apache.geronimo.bundles:jstl, so this means getting this library >>>>>>> via >>>>>>> another artifact. >>>>>>> >>>>>>> Best regards >>>>>>> Jens >>>>>>> >>>>>>> -- >>>>>>> -- >>>>>>> ------------------ >>>>>>> OPS4J - http://www.ops4j.org - [email protected] >>>>>>> >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "OPS4J" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> -- >>>>>> -- >>>>>> ------------------ >>>>>> OPS4J - http://www.ops4j.org - [email protected] >>>>>> >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "OPS4J" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> -- >>> -- >>> ------------------ >>> OPS4J - http://www.ops4j.org - [email protected] <javascript:> >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "OPS4J" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> For more options, visit https://groups.google.com/d/optout. >>> >>
-- -- ------------------ OPS4J - http://www.ops4j.org - [email protected] --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
