[jira] [Commented] (JAMES-3033) Vulnerability found in dependency com.puppycrawl.tools:checkstyle

Sun, 02 Feb 2020 23:13:44 -0800 


    [ 
https://issues.apache.org/jira/browse/JAMES-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028711#comment-17028711
 ] 

René Cordier commented on JAMES-3033:
-------------------------------------

It seems oddly enough to introduce other issues with the `CustomImportOrder` 
module. We have currently it defined like this in our checkstyle.xml conf file :

{code:xml}
<module name="CustomImportOrder">
      <property name="customImportOrderRules" 
value="STATIC###STANDARD_JAVA_PACKAGE###SPECIAL_IMPORTS"/>
      <property name="specialImportsRegExp" value="org"/>
      <property name="sortImportsInGroupAlphabetically" value="true"/>
</module>
{code}

Where before it seemed to work perfectly with our james import order, which 
should be something like this:

{code:java}
import statics;

import java.*;

import javax.*;

import org.*;

import com.*; 

import the rest;
{code}

Is it true for the com.* imports though? That's what is in my IntelliJ conf but 
I don't see with the conf of `CustomImportOrder` why it shouldn't be just part 
of the rest.

Anyway, still with the version 8.29, I get weird stuff like checkstyle is 
expecting having java and javax packages together... I'm not sure if it became 
more strict and we did something wrong, or if a bug has been introduced. I will 
dig more into it.

> Vulnerability found in dependency com.puppycrawl.tools:checkstyle
> -----------------------------------------------------------------
>
>                 Key: JAMES-3033
>                 URL: https://issues.apache.org/jira/browse/JAMES-3033
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: René Cordier
>            Priority: Major
>              Labels: security
>
> A vulnerability issue has been found in com.puppycrawl.tools:checkstyle : 
> https://github.com/linagora/james-project/network/alert/pom.xml/com.puppycrawl.tools:checkstyle/open
> We need to fix it asap by upgrading it from version 8.23 to 8.29. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to