On 25-09-19 10:15, Andrea Aime wrote:
This will hopefully do the trick:
https://github.com/geotools/geotools/pull/2578
and here is a reference to our jgridshift fork, where I split the
project into two modules, and for good measure removed the test/sample
class that was using axis:
https://git
Hi Aaron,
one note, a month ago we asked users to test 22-RC, if you had checked back
then by now you'd have a 22.0 with a fix. Instead this way, even with a quick
fix, you'll have to wait until November to get an official release without
the dependency. Yep, you can work around by excluding the
de
This will hopefully do the trick:
https://github.com/geotools/geotools/pull/2578
and here is a reference to our jgridshift fork, where I split the project
into two modules, and for good measure removed the test/sample class that
was using axis:
https://github.com/geosolutions-it/jgridshift
Cheers
Hi,
so checking it's a spurious dependency, wrongly marked as compile instead
of test, it's actually just used by a test.
For the time being you should just safely exclude it, I'll make another
release of the jgridshift fork to adjust the dependency type
Cheers
Andrea
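The thread traces axis to a compile-scope transitive path through jgridshift that reaches more than gt-solr. As an added example (not from the thread or the GeoTools project), this script reads `mvn dependency:tree` text output and lists each direct dependency that needs the exclusion; the sample tree, its nesting, and every "placeholder" coordinate are constructed assumptions.

```python
import re

# Constructed `mvn dependency:tree`-style text. The nesting and every
# "placeholder" coordinate are invented for illustration; only gt-solr 22.0
# and org.apache.axis:axis 1.4 are named in the thread.
SAMPLE_TREE = r"""
com.example:app:jar:1.0
+- org.geotools:gt-solr:jar:22.0:compile
|  \- example.placeholder:intermediate:jar:0.0:compile
|     \- example.placeholder:jgridshift:jar:0.0:compile
|        \- org.apache.axis:axis:jar:1.4:compile
+- org.geotools.xsd:placeholder-module:jar:22.0:compile
|  \- example.placeholder:jgridshift:jar:0.0:compile
|     \- org.apache.axis:axis:jar:1.4:compile
\- example.placeholder:unaffected:jar:1.0:compile
"""

def ga(coord):
    """Reduce group:artifact:type:version[:scope] to group:artifact."""
    return ":".join(coord.split(":")[:2])

def paths_to(tree_text, flagged):
    """Return every chain of coordinates (root first) ending in `flagged`."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        if line.startswith("[INFO] "):      # prefix added by the Maven console
            line = line[len("[INFO] "):]
        m = re.search(r"[A-Za-z]", line)    # first character of the coordinate
        if not m:
            continue
        depth = m.start() // 3              # each nesting level is 3 columns
        del stack[depth:]
        stack.append(line[m.start():].strip())
        if ga(stack[-1]) == flagged:
            hits.append(list(stack))
    return hits

def exclusion_points(tree_text, flagged):
    """(direct dependency, artifact that declares `flagged`, scope) per path."""
    found = set()
    for path in paths_to(tree_text, flagged):
        if len(path) < 3:                   # flagged is declared directly
            continue
        # compile scope is inherited by consumers; test scope would not be
        found.add((ga(path[1]), ga(path[-2]), path[-1].split(":")[-1]))
    return sorted(found)

if __name__ == "__main__":
    for direct, via, scope in exclusion_points(SAMPLE_TREE, "org.apache.axis:axis"):
        print(f"exclude under {direct} (declared by {via}, scope {scope})")
```
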
On Tue, Sep 24, 2019 at 10:
I'll have a look, tickets like GEOT-6354 are the things keeping the library
alive (sponsored changes), so that everyone else can use and complain for
free ;-)
Regards
Andrea
On Tue, 24 Sep 2019, 21:35, mark wrote:
> Pretty sure this is not just gt-solr; I've seen a version bump to 22.x PR
>
Pretty sure this is not just gt-solr; I've seen a version bump to 22.x
PR flagged as bringing in those vulnerabilities and we don't have an
explicit gt-solr dependency in our project.
Looking further, this seems to be caused by the jgridshift dependency in
various places, e.g. org.geotools.xsd:
We would like to upgrade our gt-solr dependency to 22.0. However, it contains
the Apache Axis library. That library has some known vulnerabilities
axis-1.4.jar (pkg:maven/org.apache.axis/axis@1.4,
cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*) : CVE-2012-5784, CVE-2014-3596,
CVE-2018-8032, CVE-2019-0