Hi, as there were no concerns mentioned yet I'd like to call for a vote to upgrade to Java7 as minimum for Creadur RAT.
Vote is open until 2019-06-17 to give enough time for people currently on vacation: +1 - I'm in favour of the vote. -1 - I'm against upgrading because of ..... and have the following proposal to fix the CVE issues instead .... 0 - I don't mind, just go ahead. Thanks for your votes :) Phil Am 30.05.19 um 21:53 schrieb P. Ottlinger: > I applied the update to JDK7 and committed minor changes to: > > https://github.com/apache/creadur-rat/tree/RAT-244/migratedToJDK7 > > Feel free to comment or complain if there are reasons to not upgrade to > JDK7. > > Cheers & thanks, > Phil > > Am 30.05.19 um 21:28 schrieb P. Ottlinger: >> Hi all, >> >> while working on updating to language level 6 (RAT-244) I stumbled upon >> available updates and used security warnings from github to perform updates. >> >> The archive walker uses Zip-functionality from commons-compress that >> seems to have security issues >> (https://nvd.nist.gov/vuln/detail/CVE-2018-1324 and >> https://nvd.nist.gov/vuln/detail/CVE-2018-11771). >> >> Would you mind us updating to JDK7 as language level in order to fix >> these vulnerable dependencies and be able to update other deps as well? >> >> Any opinions? >> >> Phil >> >
