Wait I was too fast, I did not notice it was only about
org.codehaus.groovy:groovy-xmlrpc (and not Java Apache XML-RPC)
Hopefully it's not affected by the same security issues, I don't know and would
be interested about that...
Thanks
Jacques|
|
Le 21/07/2018 à 16:50, Jacques Le Roux a écrit :
Hi Bernhard,
Actually XML-RPC is no longer maintained, last fix in3.1.3 is for
http://www.openwall.com/lists/oss-security/2011/10/05/10
And there are CVEs pending :
https://0ang3el.blogspot.com/2016/07/beware-of-ws-xmlrpc-library-in-your.html
Other TLPs might be affected, I guess Archiva has been picked because being the
1st in alphabetical order...
HTH
Jacques
Le 19/07/2018 à 17:25, Bernhard Donaubauer a écrit :
Hello,
I think about replacing an old xml-rpc service written in perl with groovy.
There are examples using groovy-xmlrpc like here:
https://gist.github.com/bjfish/370521
But I wonder if this module is still maintained. While I can find the
jar files in the repositories I can't find the according project or sources.
Regards,
Bernhard Donaubauer
