Hi, since there were no objections I'll start the migration.
Thanks, Phil Am 01.06.19 um 22:25 schrieb P. Ottlinger: > Hi, > > as there were no concerns mentioned yet I'd like to call for a vote to > upgrade to Java7 as minimum for Creadur RAT. > > Vote is open until 2019-06-17 to give enough time for people currently > on vacation: > > +1 - I'm in favour of the vote. > -1 - I'm against upgrading because of ..... and have the following > proposal to fix the CVE issues instead .... > 0 - I don't mind, just go ahead. > > Thanks for your votes :) > > Phil > > Am 30.05.19 um 21:53 schrieb P. Ottlinger: >> I applied the update to JDK7 and committed minor changes to: >> >> https://github.com/apache/creadur-rat/tree/RAT-244/migratedToJDK7 >> >> Feel free to comment or complain if there are reasons to not upgrade to >> JDK7. >> >> Cheers & thanks, >> Phil >> >> Am 30.05.19 um 21:28 schrieb P. Ottlinger: >>> Hi all, >>> >>> while working on updating to language level 6 (RAT-244) I stumbled upon >>> available updates and used security warnings from github to perform updates. >>> >>> The archive walker uses Zip-functionality from commons-compress that >>> seems to have security issues >>> (https://nvd.nist.gov/vuln/detail/CVE-2018-1324 and >>> https://nvd.nist.gov/vuln/detail/CVE-2018-11771). >>> >>> Would you mind us updating to JDK7 as language level in order to fix >>> these vulnerable dependencies and be able to update other deps as well? >>> >>> Any opinions? >>> >>> Phil >>> >> >
