[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörg Rade updated ISIS-1635: Description: org.codehaus.jackson brings in some vulnerabilities: !Dependency-Check.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} org.jboss.resteasy resteasy-jaxb-provider 3.1.3.Final org.jboss.resteasy resteasy-jackson-provider 3.1.3.Final {code} was: org.codehaus.jackson brings in some vulnerabilities: !Dependency-Check.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} org.jboss.resteasy resteasy-jaxb-provider 3.1.3.Final {code} > Upgrade dependency to resteasy > -- > > Key: ISIS-1635 > URL: https://issues.apache.org/jira/browse/ISIS-1635 > Project: Isis > Issue Type: Improvement > Components: Core: Viewer: RestfulObjects >Affects Versions: 1.14.0 >Reporter: Jörg Rade > Attachments: Dependency-Check.png > > > org.codehaus.jackson brings in some vulnerabilities: > !Dependency-Check.png|thumbnail! > {code} > [INFO] | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile > [INFO] | | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile > [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile > [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile > [INFO] | | | | | | \- > com.sun.istack:istack-commons-runtime:jar:2.16:compile > [INFO] | | | | | \- > com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile > [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile > [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile > [INFO] | | | | +- > org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile > [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile > {code} > Please upgrade to 3.1.3Final if feasible: > {code} > > org.jboss.resteasy > resteasy-jaxb-provider > 3.1.3.Final >
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörg Rade updated ISIS-1635: Description: org.codehaus.jackson brings in some vulnerabilities: !Dependency-Check.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} org.jboss.resteasy resteasy-jaxb-provider 3.1.3.Final {code} was: org.codehaus.jackson brings in some vulnerabilities: !Dependency-Check.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} org.jboss.resteasy resteasy-jackson-provider 3.1.3.Final {code} > Upgrade dependency to resteasy > -- > > Key: ISIS-1635 > URL: https://issues.apache.org/jira/browse/ISIS-1635 > Project: Isis > Issue Type: Improvement > Components: Core: Viewer: RestfulObjects >Affects Versions: 1.14.0 >Reporter: Jörg Rade > Attachments: Dependency-Check.png > > > org.codehaus.jackson brings in some vulnerabilities: > !Dependency-Check.png|thumbnail! > {code} > [INFO] | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile > [INFO] | | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile > [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile > [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile > [INFO] | | | | | | \- > com.sun.istack:istack-commons-runtime:jar:2.16:compile > [INFO] | | | | | \- > com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile > [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile > [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile > [INFO] | | | | +- > org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile > [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile > {code} > Please upgrade to 3.1.3Final if feasible: > {code} > > org.jboss.resteasy > resteasy-jaxb-provider > 3.1.3.Final > > {code} -- This message was sent by Atlassian JIRA
[jira] [Commented] (ISIS-1303) Rename the project to better describe its values and purpose
[ https://issues.apache.org/jira/browse/ISIS-1303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16046532#comment-16046532 ] Jan-Willem Gmelig Meyling commented on ISIS-1303: - +1 for Kikoro and Rubato. I think I prefer Rubato of the two (but defintely don't intend to make things even more complicated ;) ) > Rename the project to better describe its values and purpose > > > Key: ISIS-1303 > URL: https://issues.apache.org/jira/browse/ISIS-1303 > Project: Isis > Issue Type: Wish >Affects Versions: 1.11.1 >Reporter: Dan Haywood > Fix For: 1.20.0 > > Attachments: ApacheFarthing.jpg, ApacheFarthing.jpg, > ApacheGestalt.jpg, Offset-curves-of-sinus-curve.svg > > > In the past there have been a couple of discussions regarding renaming the > project, the reason generally cited being the potential embarrassment of > sharing a name with the jihadist militant group [1] currently prominent in > the headlines. After due discussion on the mailing lists the prevailing view > has been to retain our name: "we were here first". > Until now I've concurred with that view also... after all, I originally came > up with the name "Isis", originally based on the name of the Thames as it > flows through Oxford [2] (many of the original authors of the framework live > within Oxfordshire, UK). > Separately to that discussion, we have the issue of marketing. Originally we > marketed ourselves as a framework implementing the "naked objects" pattern > [3]; the original name of the framework (prior to Apache) was of course the > Naked Objects Framework. However, this pattern is either not well-known or > is misunderstood (only a low proportion of developers that encounter the idea > immediately "get it"). The crudity of the original user interfaces didn't > help. And the name also, of course, can cause embarrassment in some cultures. > Then, when domain-driven design [4] came along as a movement, that seemed an > obvious platform upon which to position the framework: we obviously share the > core belief that the domain is the most important bit of the system. However > - and I still find this surprising - despite attempts otherwise we haven't > really made too much of an impression in that community. The fact that the > DDD community got massively sidetracked for a while by the CQRS pattern is > perhaps part of it. I also often detect the view that DDD should imply not > using a framework. The irony of course is that in rejecting framework such > developers actually have to write more infrastructure code vs business domain > code. > Also, the fit is perhaps not all that good after all. In the DDD community I > don't see anyone talking about modules... one of the named patterns, and a > major focus of our framework, but missing from DDD talks. Instead they get > side-tracked talking only about aggregate roots or bounded contexts; all well > and good, but over-emphasised). > [Aside: Indeed, I raised the topic of modules with Eric Evans himself (in > person), and he agreed there was little emphasis. When I described our > framework's use of domain events to hook modules together (along with vetoing > behaviour we support) he admitted it was a new approach/pattern to him...] > Anyway, so DDD - which looked so promising - hasn't delivered. They might > come around to us one day, but it's probably time to define our own > individual space. Also, in the same way that everyone takes agile > development for granted as the "de facto", we ought to simply take DDD for > granted too... "of course you will be doing DDD, but are you doing it well?" > What we need to better market the framework is some other pattern or concept > or hook, and become known as the framework that best supports that idea. > There are several candidates: > - hexagonal architecture (also called ports and adapters, or the onion > architecture, and related to the clean architecture) > - don't repeat yourself principle > - aspect oriented programming (naked objects pattern is really the > recognition that UI presentation is a cross-cutting concern) > - the general concept of modularity > - DCI (data/context/interactions). > - "clean" "pure" "essential" pojo programming model > - agile, lean > - breaking down barriers between IT and business > Of these, I think that hexagonal architecture looks the best fit; it is well > regarded as a concept among the "cognoscenti", but there are surprisingly no > open source frameworks out there (at least in the Java space) that position > themselves as being the natural choice. > Therefore, I think a name - and appropriate short tag line - based around > this idea of hexagonal architecture should be considered. > Candidate names: > - hex (might hit
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörg Rade updated ISIS-1635: Affects Version/s: 1.14.0 > Upgrade dependency to resteasy > -- > > Key: ISIS-1635 > URL: https://issues.apache.org/jira/browse/ISIS-1635 > Project: Isis > Issue Type: Improvement > Components: Core: Viewer: RestfulObjects >Affects Versions: 1.14.0 >Reporter: Jörg Rade > Attachments: Dependency-Check.png > > > org.codehaus.jackson brings in some vulnerabilities: > !Dependency-Check.png|thumbnail! > {code} > [INFO] | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile > [INFO] | | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile > [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile > [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile > [INFO] | | | | | | \- > com.sun.istack:istack-commons-runtime:jar:2.16:compile > [INFO] | | | | | \- > com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile > [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile > [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile > [INFO] | | | | +- > org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile > [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile > {code} > Please upgrade to 3.1.3Final if feasible: > {code} > > org.jboss.resteasy > resteasy-jackson-provider > 3.1.3.Final > > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörg Rade updated ISIS-1635: Description: org.codehaus.jackson brings in some vulnerabilities: !Dependency-Check.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} org.jboss.resteasy resteasy-jackson-provider 3.1.3.Final {code} was: org.codehaus.jackson brings in some vulnerabilities: !ScreenShot 757 Dependency-Check Report - Mozilla Firefox.pngl! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} org.jboss.resteasy resteasy-jackson-provider 3.1.3.Final {code} > Upgrade dependency to resteasy > -- > > Key: ISIS-1635 > URL: https://issues.apache.org/jira/browse/ISIS-1635 > Project: Isis > Issue Type: Improvement > Components: Core: Viewer: RestfulObjects >Reporter: Jörg Rade > Attachments: Dependency-Check.png > > > org.codehaus.jackson brings in some vulnerabilities: > !Dependency-Check.png|thumbnail! > {code} > [INFO] | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile > [INFO] | | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile > [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile > [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile > [INFO] | | | | | | \- > com.sun.istack:istack-commons-runtime:jar:2.16:compile > [INFO] | | | | | \- > com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile > [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile > [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile > [INFO] | | | | +- > org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile > [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile > {code} > Please upgrade to 3.1.3Final if feasible: > {code} > > org.jboss.resteasy > resteasy-jackson-provider > 3.1.3.Final > > {code} -- This message was sent by Atlassian JIRA
[jira] [Updated] (ISIS-1635) Upgrade dependency to resteasy
[ https://issues.apache.org/jira/browse/ISIS-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jörg Rade updated ISIS-1635: Attachment: Dependency-Check.png > Upgrade dependency to resteasy > -- > > Key: ISIS-1635 > URL: https://issues.apache.org/jira/browse/ISIS-1635 > Project: Isis > Issue Type: Improvement > Components: Core: Viewer: RestfulObjects >Reporter: Jörg Rade > Attachments: Dependency-Check.png > > > org.codehaus.jackson brings in some vulnerabilities: > !ScreenShot 757 Dependency-Check Report - Mozilla Firefox.pngl! > {code} > [INFO] | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile > [INFO] | | +- > org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile > [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile > [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile > [INFO] | | | | | | \- > com.sun.istack:istack-commons-runtime:jar:2.16:compile > [INFO] | | | | | \- > com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile > [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile > [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile > [INFO] | | | +- > org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile > [INFO] | | | | +- > org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile > [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile > [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile > {code} > Please upgrade to 3.1.3Final if feasible: > {code} > > org.jboss.resteasy > resteasy-jackson-provider > 3.1.3.Final > > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (ISIS-1635) Upgrade dependency to resteasy
Jörg Rade created ISIS-1635: --- Summary: Upgrade dependency to resteasy Key: ISIS-1635 URL: https://issues.apache.org/jira/browse/ISIS-1635 Project: Isis Issue Type: Improvement Components: Core: Viewer: RestfulObjects Reporter: Jörg Rade Attachments: ScreenShot 757 Dependency-Check Report - Mozilla Firefox.png org.codehaus.jackson brings in some vulnerabilities: !ScreenShot 757 Dependency-Check Report - Mozilla Firefox.png|thumbnail! {code} [INFO] | +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile [INFO] | | +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile [INFO] | | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile [INFO] | | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile [INFO] | | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile [INFO] | | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile [INFO] | | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile [INFO] | | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile [INFO] | | | | \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile [INFO] | | | +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile [INFO] | | | | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile [INFO] | | | | +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile [INFO] | | | | \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile {code} Please upgrade to 3.1.3Final if feasible: {code} org.jboss.resteasy resteasy-jackson-provider 3.1.3.Final {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (ISIS-1604) Extend support for SVG (3 additional dependencies, it seems)
[ https://issues.apache.org/jira/browse/ISIS-1604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16046375#comment-16046375 ] Jörg Rade commented on ISIS-1604: - The Batik versions used have high CVE values - they should rather not be included. Since in some places the browsers native support for SVG's seems to be used - maybe this can be here as well? > Extend support for SVG (3 additional dependencies, it seems) > > > Key: ISIS-1604 > URL: https://issues.apache.org/jira/browse/ISIS-1604 > Project: Isis > Issue Type: Wish > Components: Core: Viewer: Wicket >Affects Versions: 1.14.0 >Reporter: Jörg Rade >Priority: Minor > Fix For: 1.15.0 > > Attachments: knife-logo-header.svg > > > Currently SVG images can be used: > * as Logo in the upper left corner (Wicket Menubar) > * on the Login Page (login.html) > * as favicon ("image/svg+xml", cf. [ISIS-1115]) > SVGs are not displayed > * on the welcome page > SVGs can be attached as Blobs, but they are displayed as bitmaps (by means of > the Batik rasterizer) and do not scale. The rasterizer (of course) can not > deal with animations (cf. attachment). > See: > https://lists.apache.org/thread.html/68f16dd0306a8101c1cde06e5e6309b8d1b81b388a1f59e123cfc2f3@%3Cusers.isis.apache.org%3E > {code} > > com.twelvemonkeys.imageio > imageio-batik > 3.3.2 > > > com.twelvemonkeys.imageio > imageio-batik > 3.3.2 > test-jar > test > > > org.apache.xmlgraphics > batik-transcoder > 1.8 > > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)