I applied the update to JDK7 and committed minor changes to: https://github.com/apache/creadur-rat/tree/RAT-244/migratedToJDK7
Feel free to comment or complain if there are reasons to not upgrade to JDK7. Cheers & thanks, Phil Am 30.05.19 um 21:28 schrieb P. Ottlinger: > Hi all, > > while working on updating to language level 6 (RAT-244) I stumbled upon > available updates and used security warnings from github to perform updates. > > The archive walker uses Zip-functionality from commons-compress that > seems to have security issues > (https://nvd.nist.gov/vuln/detail/CVE-2018-1324 and > https://nvd.nist.gov/vuln/detail/CVE-2018-11771). > > Would you mind us updating to JDK7 as language level in order to fix > these vulnerable dependencies and be able to update other deps as well? > > Any opinions? > > Phil >
