Hi All, In this thread I will be reporting updates related to release of BlazeDS. I looked into Chris's branch and I would like to exclude Proxy module from upcoming release. Please let me know in this thread whether you have anything against it.
Meanwhile I have following error on the console during build - Anyone know what that means ? One or more dependencies were identified with known vulnerabilities in flex-messaging-common: serializer-2.7.2.jar (pkg:maven/xalan/serializer@2.7.2, cpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*) : CVE-2022-34169 xalan-2.7.2.jar (pkg:maven/xalan/xalan@2.7.2, cpe:2.3:a:apache:xalan-java:2.7.2:*:*:*:*:*:*:*) : CVE-2022-34169 See the dependency-check report for more details. [*INFO*] *------------------------------------------------------------------------* [*INFO*] *Reactor Summary for Apache Flex - BlazeDS 4.8.0-SNAPSHOT:* [*INFO*] [*INFO*] Apache Flex - BlazeDS .............................. *SUCCESS* [ 5.914 s] [*INFO*] flex-messaging-archetypes .......................... *SUCCESS* [ 1.409 s] [*INFO*] blazeds-spring-boot-example-archetype .............. *SUCCESS* [ 4.430 s] [*INFO*] flex-messaging-common .............................. *FAILURE* [ 2.155 s] [*INFO*] flex-messaging-core ................................ *SKIPPED* [*INFO*] flex-messaging-proxy ............................... *SKIPPED* [*INFO*] flex-messaging-remoting ............................ *SKIPPED* [*INFO*] flex-messaging-opt ................................. *SKIPPED* [*INFO*] flex-messaging-opt-tomcat .......................... *SKIPPED* [*INFO*] flex-messaging-opt-tomcat-base ..................... *SKIPPED* [*INFO*] *------------------------------------------------------------------------* [*INFO*] *BUILD FAILURE* [*INFO*] *------------------------------------------------------------------------* [*INFO*] Total time: 14.115 s [*INFO*] Finished at: 2022-08-14T12:24:30+02:00 [*INFO*] *------------------------------------------------------------------------* [*ERROR*] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check *(default)* on project flex-messaging-common: [*ERROR*] [*ERROR*] *One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '4.0': * [*ERROR*] [*ERROR*] *serializer-2.7.2.jar: CVE-2022-34169(9.8)* [*ERROR*] *xalan-2.7.2.jar: CVE-2022-34169(9.8)* [*ERROR*] [*ERROR*] *See the dependency-check report for more details.* Thanks, -- Piotr Zarzycki
