Awesome work.

On Sun, Dec 15, 2019, 8:02 PM Joseph Koshakow <kosh...@gmail.com> wrote:

> JCommander closed the issue.
> -Joe
>
> On Sun, Dec 15, 2019 at 8:35 PM Joseph Koshakow <kosh...@gmail.com> wrote:
>
> > The comments on that JCommander issue seem to indicate that the issue was
> > resolved but never closed. I looked at
> > https://github.com/cbeust/jcommander/blob/master/build.gradle.kts and it
> > seems like they now use https for sonatype which is where the issue
> > originated from. I left a comment on their issue to confirm with the
> > developers if it was resolved.
> >
> > I have a PR open that upgrades us to JCommander version 1.78 (
> > https://github.com/apache/fluo/pull/1083/files) which is the most recent
> > in maven. Hopefully that resolves the issue for us.
> >
> > -Joe
> >
> > On Sat, Dec 14, 2019 at 12:23 PM Kenneth McFarland <
> > kennethmcfarl...@apache.org> wrote:
> >
> >> Here is a small example I found very fast out of curiosity. JCommander is
> >> susceptible to MITM.
> >>
> >> https://github.com/cbeust/jcommander/issues/465
> >>
> >> This is still open afaik. I'll be digging more for things like zipslip etc
> >> and transient vulns. I still would appreciate any advice.
> >>
> >> Auditing Fluo will probably mean working inspecting other projects more
> >> than Fluo itself.
> >>
> >>
> >>
> >> On Fri, Dec 13, 2019, 11:27 AM Kenneth McFarland <
> >> kennethmcfarl...@apache.org> wrote:
> >>
> >> > Hi guys,
> >> >
> >> > I have found I'm pretty interested in security.
> >> >
> >> > I'd like to get some experience with Fluo and its dependencies auditing
> >> > them. I'm doing my own research but it's always best to leverage others'
> >> > experience.
> >> >
> >> > If you have any good references, advice or tips for me please let me know.
> >> > I'll also be looking through the commit logs and checking Accumulo.
> >> >
> >> > I wasn't sure where else to ask this since it's not really an issue until
> >> > something is found. Thanks!
> >> >
> >> > Kenny
> >> >
> >>
> >
>
