This is bugging me as well, and I've figured out the root cause. The maven2
package runs update-alternatives with a priority of 200, and maven (3) with a
priority of 150. If you install maven2 and maven at the same time, you will
always get maven2. Since maven2 is a dependency for
On 30/08/14 5:37 AM, Salvatore Bonaccorso car...@debian.org wrote:
Source: elasticsearch
Severity: grave
Tags: security upstream fixed-upstream
Hi Hilko,
I see elasticsearch entered unstable now. Some time ago the following
vulnerability was published for elasticsearch.
CVE-2014-3120[0]:
| The
On 2/09/14 2:19 AM, tony mancill tmanc...@debian.org wrote:
CVE-2014-3120[0]:
| The default configuration in Elasticsearch before 1.2 enables dynamic
| scripting, which allows remote attackers to execute arbitrary MVEL
| expressions and Java code via the source parameter to _search. NOTE:
|
On 16/12/14 3:48 PM, tony mancill tmanc...@debian.org wrote:
On 12/14/2014 12:39 PM, Miguel Landaeta wrote:
Package: src:jruby
Version: 1.5.6-9
Severity: wishlist
I need a recent jruby version so I'll give a try to update this
package.
It's going to take time as anything related with
On 24 Jan 2015, at 1:57 am, Miguel Landaeta nomad...@debian.org wrote:
On Fri, Jan 23, 2015 at 06:21:34AM +, Potter, Tim (Cloud Services) wrote:
Just a quick update for the dependencies I’m working on.
[...]
* jnr-enxio, jnr-unixsocket, packaged and pushed to pkg-java
While
On 19/12/14 12:11 PM, Miguel Landaeta nomad...@debian.org wrote:
Thanks for info, Tony and Tim!
When I begin to work on those dependencies I'll ping you again to let
you know to coordinate and avoid work duplication.
Hi Miguel. I've just been going over the status of jruby1.7 and the work
Just a quick update for the dependencies I’m working on.
* jffi, packaged version 1.2.7 and pushed to the pkg-java repo as jffi-1.2.7.
Waiting for some direction on whether to merge over the old version, which I
expect will be the way to go This is a dependency for the remaining jnr-*
The current version of the libconstantine-java package is in the (old?)
pkg-java subversion repository. Let’s move it to git, and update to 0.8.6.
However the package has been renamed to jnr-constants in 2011-2012. View the
git commit log to see the gradual deprecation of the name
On 6/03/15 6:37 AM, Andreas Beckmann a...@debian.org wrote:
On 2015-03-05 04:21, Debian Bug Tracking System wrote:
* Change dependency on libconstantine-java to Conflicts, from
Breaks. (Closes: #779112).
No. Breaks should have been sufficient, but you are still missing a
Replaces.
It looks like this has been fixed, at least in sid:
root@56264f4d8fa9:/Source/pkg-java/jruby# cat /etc/issue
Debian GNU/Linux 8 \n \l
root@56264f4d8fa9:/Source/pkg-java/jruby# ruby -v
ruby 2.1.5p273 (2014-11-13) [x86_64-linux-gnu]
root@56264f4d8fa9:/Source/pkg-java/jruby# irb
irb(main):001:0
10 matches
Mail list logo