Indeed, looks like the BlackDuck tool is picking up the wrong version... I will look into that. Otherwise yes I did test the 7.1.5 RC Just disregard my last comment then.
Olivier -----Original Message----- From: Robbie Gemmell <[email protected]> Sent: mardi 8 octobre 2019 12:51 To: [email protected] Subject: Re: [VOTE] Release Qpid Broker-J 7.1.5 On Tue, 8 Oct 2019 at 11:23, VERMEULEN Olivier <[email protected]> wrote: > > +1 > > Launched the Murex validation pipeline which includes: > - basic sends and receives > - basic routing and filtering > - JDBC message and config stores > - message recovery > - HTTP management and statistics > - TTL, max queue size and max message size > - SSL and SASL > > Note that we've also added a performance test (that uses the JDBC message > store) and a legal/security check. > For information the security check raised that Jackson 2.9.9.3 has 2 known > major security issues and should be upgraded. > > Olivier > Are you sure you checked the 7.1.5 RC, since it doesn't use 2.9.9.3 as it was already updated: https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;a=commit;h=8fc4df81cd50a86f8bffaf4230689d0c2a34bc75 Running mvn dependency:tree on the src tar only looks to show 2.9.10 being used as expected based on that. Robbie --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] ******************************* This e-mail contains information for the intended recipient only. It may contain proprietary material or confidential information. If you are not the intended recipient you are not authorized to distribute, copy or use this e-mail or any attachment to it. Murex cannot guarantee that it is virus free and accepts no responsibility for any loss or damage arising from its use. If you have received this e-mail in error please notify immediately the sender and delete the original email received, any attachments and all copies from your system.
