[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[
https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jörg Rade updated ISIS-1635:
Description:
org.codehaus.jackson brings in some vulnerabilities:
!Dependency-Check.png|thumbnail!
{code}
[INFO] | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] | | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | | \-
com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}
Please upgrade to 3.1.3Final if feasible:
{code}
org.jboss.resteasy
resteasy-jaxb-provider
3.1.3.Final
org.jboss.resteasy
resteasy-jackson-provider
3.1.3.Final
{code}
was:
org.codehaus.jackson brings in some vulnerabilities:
!Dependency-Check.png|thumbnail!
{code}
[INFO] | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] | | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | | \-
com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}
Please upgrade to 3.1.3Final if feasible:
{code}
org.jboss.resteasy
resteasy-jaxb-provider
3.1.3.Final
{code}
> Upgrade dependency to resteasy
> --
>
> Key: ISIS-1635
> URL: https://issues.apache.org/jira/browse/ISIS-1635
> Project: Isis
> Issue Type: Improvement
> Components: Core: Viewer: RestfulObjects
>Affects Versions: 1.14.0
>Reporter: Jörg Rade
> Attachments: Dependency-Check.png
>
>
> org.codehaus.jackson brings in some vulnerabilities:
> !Dependency-Check.png|thumbnail!
> {code}
> [INFO] | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
> [INFO] | | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
> [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
> [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
> [INFO] | | | | | | \-
> com.sun.istack:istack-commons-runtime:jar:2.16:compile
> [INFO] | | | | | \-
> com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
> [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
> [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
> [INFO] | | | | +-
> org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
> [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
> {code}
> Please upgrade to 3.1.3Final if feasible:
> {code}
>
> org.jboss.resteasy
> resteasy-jaxb-provider
> 3.1.3.Final
>
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[
https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jörg Rade updated ISIS-1635:
Description:
org.codehaus.jackson brings in some vulnerabilities:
!Dependency-Check.png|thumbnail!
{code}
[INFO] | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] | | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | | \-
com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}
Please upgrade to 3.1.3Final if feasible:
{code}
org.jboss.resteasy
resteasy-jaxb-provider
3.1.3.Final
{code}
was:
org.codehaus.jackson brings in some vulnerabilities:
!Dependency-Check.png|thumbnail!
{code}
[INFO] | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] | | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | | \-
com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}
Please upgrade to 3.1.3Final if feasible:
{code}
org.jboss.resteasy
resteasy-jackson-provider
3.1.3.Final
{code}
> Upgrade dependency to resteasy
> --
>
> Key: ISIS-1635
> URL: https://issues.apache.org/jira/browse/ISIS-1635
> Project: Isis
> Issue Type: Improvement
> Components: Core: Viewer: RestfulObjects
>Affects Versions: 1.14.0
>Reporter: Jörg Rade
> Attachments: Dependency-Check.png
>
>
> org.codehaus.jackson brings in some vulnerabilities:
> !Dependency-Check.png|thumbnail!
> {code}
> [INFO] | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
> [INFO] | | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
> [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
> [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
> [INFO] | | | | | | \-
> com.sun.istack:istack-commons-runtime:jar:2.16:compile
> [INFO] | | | | | \-
> com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
> [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
> [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
> [INFO] | | | | +-
> org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
> [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
> {code}
> Please upgrade to 3.1.3Final if feasible:
> {code}
>
> org.jboss.resteasy
> resteasy-jaxb-provider
> 3.1.3.Final
>
> {code}
--
This message was sent by Atlassian JIRA
[jira] [Commented] (ISIS-1303) Rename the project to better describe its values and purpose
[ https://issues.apache.org/jira/browse/ISIS-1303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16046532#comment-16046532 ] Jan-Willem Gmelig Meyling commented on ISIS-1303: - +1 for Kikoro and Rubato. I think I prefer Rubato of the two (but defintely don't intend to make things even more complicated ;) ) > Rename the project to better describe its values and purpose > > > Key: ISIS-1303 > URL: https://issues.apache.org/jira/browse/ISIS-1303 > Project: Isis > Issue Type: Wish >Affects Versions: 1.11.1 >Reporter: Dan Haywood > Fix For: 1.20.0 > > Attachments: ApacheFarthing.jpg, ApacheFarthing.jpg, > ApacheGestalt.jpg, Offset-curves-of-sinus-curve.svg > > > In the past there have been a couple of discussions regarding renaming the > project, the reason generally cited being the potential embarrassment of > sharing a name with the jihadist militant group [1] currently prominent in > the headlines. After due discussion on the mailing lists the prevailing view > has been to retain our name: "we were here first". > Until now I've concurred with that view also... after all, I originally came > up with the name "Isis", originally based on the name of the Thames as it > flows through Oxford [2] (many of the original authors of the framework live > within Oxfordshire, UK). > Separately to that discussion, we have the issue of marketing. Originally we > marketed ourselves as a framework implementing the "naked objects" pattern > [3]; the original name of the framework (prior to Apache) was of course the > Naked Objects Framework. However, this pattern is either not well-known or > is misunderstood (only a low proportion of developers that encounter the idea > immediately "get it"). The crudity of the original user interfaces didn't > help. And the name also, of course, can cause embarrassment in some cultures. > Then, when domain-driven design [4] came along as a movement, that seemed an > obvious platform upon which to position the framework: we obviously share the > core belief that the domain is the most important bit of the system. However > - and I still find this surprising - despite attempts otherwise we haven't > really made too much of an impression in that community. The fact that the > DDD community got massively sidetracked for a while by the CQRS pattern is > perhaps part of it. I also often detect the view that DDD should imply not > using a framework. The irony of course is that in rejecting framework such > developers actually have to write more infrastructure code vs business domain > code. > Also, the fit is perhaps not all that good after all. In the DDD community I > don't see anyone talking about modules... one of the named patterns, and a > major focus of our framework, but missing from DDD talks. Instead they get > side-tracked talking only about aggregate roots or bounded contexts; all well > and good, but over-emphasised). > [Aside: Indeed, I raised the topic of modules with Eric Evans himself (in > person), and he agreed there was little emphasis. When I described our > framework's use of domain events to hook modules together (along with vetoing > behaviour we support) he admitted it was a new approach/pattern to him...] > Anyway, so DDD - which looked so promising - hasn't delivered. They might > come around to us one day, but it's probably time to define our own > individual space. Also, in the same way that everyone takes agile > development for granted as the "de facto", we ought to simply take DDD for > granted too... "of course you will be doing DDD, but are you doing it well?" > What we need to better market the framework is some other pattern or concept > or hook, and become known as the framework that best supports that idea. > There are several candidates: > - hexagonal architecture (also called ports and adapters, or the onion > architecture, and related to the clean architecture) > - don't repeat yourself principle > - aspect oriented programming (naked objects pattern is really the > recognition that UI presentation is a cross-cutting concern) > - the general concept of modularity > - DCI (data/context/interactions). > - "clean" "pure" "essential" pojo programming model > - agile, lean > - breaking down barriers between IT and business > Of these, I think that hexagonal architecture looks the best fit; it is well > regarded as a concept among the "cognoscenti", but there are surprisingly no > open source frameworks out there (at least in the Java space) that position > themselves as being the natural choice. > Therefore, I think a name - and appropriate short tag line - based around > this idea of hexagonal architecture should be considered. > Candidate names: > - hex (might hit
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[
https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jörg Rade updated ISIS-1635:
Affects Version/s: 1.14.0
> Upgrade dependency to resteasy
> --
>
> Key: ISIS-1635
> URL: https://issues.apache.org/jira/browse/ISIS-1635
> Project: Isis
> Issue Type: Improvement
> Components: Core: Viewer: RestfulObjects
>Affects Versions: 1.14.0
>Reporter: Jörg Rade
> Attachments: Dependency-Check.png
>
>
> org.codehaus.jackson brings in some vulnerabilities:
> !Dependency-Check.png|thumbnail!
> {code}
> [INFO] | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
> [INFO] | | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
> [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
> [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
> [INFO] | | | | | | \-
> com.sun.istack:istack-commons-runtime:jar:2.16:compile
> [INFO] | | | | | \-
> com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
> [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
> [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
> [INFO] | | | | +-
> org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
> [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
> {code}
> Please upgrade to 3.1.3Final if feasible:
> {code}
>
> org.jboss.resteasy
> resteasy-jackson-provider
> 3.1.3.Final
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[
https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jörg Rade updated ISIS-1635:
Description:
org.codehaus.jackson brings in some vulnerabilities:
!Dependency-Check.png|thumbnail!
{code}
[INFO] | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] | | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | | \-
com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}
Please upgrade to 3.1.3Final if feasible:
{code}
org.jboss.resteasy
resteasy-jackson-provider
3.1.3.Final
{code}
was:
org.codehaus.jackson brings in some vulnerabilities:
!ScreenShot 757 Dependency-Check Report - Mozilla Firefox.pngl!
{code}
[INFO] | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] | | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | | \-
com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}
Please upgrade to 3.1.3Final if feasible:
{code}
org.jboss.resteasy
resteasy-jackson-provider
3.1.3.Final
{code}
> Upgrade dependency to resteasy
> --
>
> Key: ISIS-1635
> URL: https://issues.apache.org/jira/browse/ISIS-1635
> Project: Isis
> Issue Type: Improvement
> Components: Core: Viewer: RestfulObjects
>Reporter: Jörg Rade
> Attachments: Dependency-Check.png
>
>
> org.codehaus.jackson brings in some vulnerabilities:
> !Dependency-Check.png|thumbnail!
> {code}
> [INFO] | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
> [INFO] | | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
> [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
> [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
> [INFO] | | | | | | \-
> com.sun.istack:istack-commons-runtime:jar:2.16:compile
> [INFO] | | | | | \-
> com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
> [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
> [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
> [INFO] | | | | +-
> org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
> [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
> {code}
> Please upgrade to 3.1.3Final if feasible:
> {code}
>
> org.jboss.resteasy
> resteasy-jackson-provider
> 3.1.3.Final
>
> {code}
--
This message was sent by Atlassian JIRA
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[
https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jörg Rade updated ISIS-1635:
Attachment: Dependency-Check.png
> Upgrade dependency to resteasy
> --
>
> Key: ISIS-1635
> URL: https://issues.apache.org/jira/browse/ISIS-1635
> Project: Isis
> Issue Type: Improvement
> Components: Core: Viewer: RestfulObjects
>Reporter: Jörg Rade
> Attachments: Dependency-Check.png
>
>
> org.codehaus.jackson brings in some vulnerabilities:
> !ScreenShot 757 Dependency-Check Report - Mozilla Firefox.pngl!
> {code}
> [INFO] | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
> [INFO] | | +-
> org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
> [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
> [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
> [INFO] | | | | | | \-
> com.sun.istack:istack-commons-runtime:jar:2.16:compile
> [INFO] | | | | | \-
> com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
> [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
> [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
> [INFO] | | | +-
> org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
> [INFO] | | | | +-
> org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
> [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
> [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
> {code}
> Please upgrade to 3.1.3Final if feasible:
> {code}
>
> org.jboss.resteasy
> resteasy-jackson-provider
> 3.1.3.Final
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Created] (ISIS-1635) Upgrade dependency to resteasy
Jörg Rade created ISIS-1635:
---
Summary: Upgrade dependency to resteasy
Key: ISIS-1635
URL: https://issues.apache.org/jira/browse/ISIS-1635
Project: Isis
Issue Type: Improvement
Components: Core: Viewer: RestfulObjects
Reporter: Jörg Rade
Attachments: ScreenShot 757 Dependency-Check Report - Mozilla
Firefox.png
org.codehaus.jackson brings in some vulnerabilities:
!ScreenShot 757 Dependency-Check Report - Mozilla Firefox.png|thumbnail!
{code}
[INFO] | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] | | +-
org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | | \-
com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] | | | +-
org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile
{code}
Please upgrade to 3.1.3Final if feasible:
{code}
org.jboss.resteasy
resteasy-jackson-provider
3.1.3.Final
{code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (ISIS-1604) Extend support for SVG (3 additional dependencies, it seems)
[
https://issues.apache.org/jira/browse/ISIS-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16046375#comment-16046375
]
Jörg Rade commented on ISIS-1604:
-
The Batik versions used have high CVE values - they should rather not be
included.
Since in some places the browsers native support for SVG's seems to be used -
maybe this can be here as well?
> Extend support for SVG (3 additional dependencies, it seems)
>
>
> Key: ISIS-1604
> URL: https://issues.apache.org/jira/browse/ISIS-1604
> Project: Isis
> Issue Type: Wish
> Components: Core: Viewer: Wicket
>Affects Versions: 1.14.0
>Reporter: Jörg Rade
>Priority: Minor
> Fix For: 1.15.0
>
> Attachments: knife-logo-header.svg
>
>
> Currently SVG images can be used:
> * as Logo in the upper left corner (Wicket Menubar)
> * on the Login Page (login.html)
> * as favicon ("image/svg+xml", cf. [ISIS-1115])
> SVGs are not displayed
> * on the welcome page
> SVGs can be attached as Blobs, but they are displayed as bitmaps (by means of
> the Batik rasterizer) and do not scale. The rasterizer (of course) can not
> deal with animations (cf. attachment).
> See:
> https://lists.apache.org/thread.html/68f16dd0306a8101c1cde06e5e6309b8d1b81b388a1f59e123cfc2f3@%3Cusers.isis.apache.org%3E
> {code}
>
> com.twelvemonkeys.imageio
> imageio-batik
> 3.3.2
>
>
> com.twelvemonkeys.imageio
> imageio-batik
> 3.3.2
> test-jar
> test
>
>
> org.apache.xmlgraphics
> batik-transcoder
> 1.8
>
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
