Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2024-01-24 Thread Thiago H. de Paula Figueiredo
On Mon, Nov 6, 2023 at 7:30 AM Oliver Hanraths wrote:
> > Hi Ben,
Hi!
> > However, if you need to mitigate immediately, you could replace
> > underscore in any version with a config override:
> Yeah, I know. Even though the affected file won’t be used by the
> application it would still be

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2024-01-24 Thread Thiago H. de Paula Figueiredo
On Thu, Oct 19, 2023 at 1:53 PM Numa Schmeder wrote:
> Hello,
Hi!
> Why don’t we update tapestry to use webpack and stop using underscore all
> together. It would make much more sense.
> We could also upgrade all tapestry async handling at least partial page
> rendering with a library like:

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-11-08 Thread Ben Weidig
On Mon, Nov 6, 2023 at 11:30 AM Oliver Hanraths wrote:
> > that would be much appreciated.
> We will do a minor bugfix release soon, but I want to include TAP5-2768 (another pentest finding) which should be done tomorrow.
> Yeah, I know. Even though the affected file won’t be used by the
>

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-11-06 Thread Oliver Hanraths
Hi Ben,
On Thu, 2023-11-02 at 08:45 +0100, Ben Weidig wrote:
> AFAIK there's no release planned right now, but I concur that even a
> smaller one might be warranted due to fixing a CVE.
that would be much appreciated.
> However, if you need to mitigate immediately, you could replace
>

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-11-02 Thread Ben Weidig
Hi Oliver,
AFAIK there's no release planned right now, but I concur that even a smaller one might be warranted due to fixing a CVE.
However, if you need to mitigate immediately, you could replace underscore in any version with a config override:
@Contribute(JavaScriptStack.class) @Core public

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-11-01 Thread Oliver Hanraths
Hi Tapestry devs,
On Sat, 2023-10-21 at 14:02 +, benweidig (via GitHub) wrote:
> benweidig merged PR #45:
> URL: https://github.com/apache/tapestry-5/pull/45
with TAP5-2765 being merged and a couple of other bug fixes in 5.8.4, would it be possible to release version 5.8.4? Some of our

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-10-21 Thread via GitHub
benweidig merged PR #45: URL: https://github.com/apache/tapestry-5/pull/45 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail:

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-10-19 Thread Numa Schmeder
Hello, Why don’t we update tapestry to use webpack and stop using underscore all together. It would make much more sense. We could also upgrade all tapestry async handling at least partial page rendering with a library like: https://hotwired.dev/ There is a reference implementation for ruby.

Re: [PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-10-19 Thread via GitHub
benweidig commented on PR #45: URL: https://github.com/apache/tapestry-5/pull/45#issuecomment-1771222694 We ran into the same issue after a recent pen test and updated it internally; there have been no issues so far. Initially, I thought about removing underscore.js altogether, as

[PR] Upgrade Underscore.js to version 1.13.6 [tapestry-5]

2023-10-19 Thread via GitHub
coderkun opened a new pull request, #45: URL: https://github.com/apache/tapestry-5/pull/45 Tapestry uses [Underscore.js](http://underscorejs.org/) version 1.8.3, which is more than eight years old (April 2015) and includes some security vulnerabilities. I would like to upgrade it to the