Yes, my main concern was more possible breaking changes before the
(then) upcoming 24.x branch.
Now that we have the stable 24.09 branch I see no problem in moving that
further.
Best regards,
Michael Brohl
ecomify GmbH - www.ecomify.de
Am 11.10.24 um 11:00 schrieb Nicolas Malin:
My bad I said you can push on trunk, the 24.09 is here to secure our
production site and let trunk to go ahead.
Nicolas
Le 11/10/2024 à 10:55, Jacques Le Roux a écrit :
Hi Nicolas,
I don't get it, do you mean on 24.09 only, if so why?
Jacques
Le 11/10/2024 à 10:50, Nicolas Malin a écrit :
Hey Jacques,
I looked it fast the PR and I thinks we have no reason to push it on
trunk, we create the 24.09 for that :)
Nicolas
Le 11/10/2024 à 10:24, Jacques Le Roux a écrit :
Hi,
3 months ago Danny Trunk created
https://issues.apache.org/jira/browse/OFBIZ-13123
It's interesting PRs about security with transitive dependencies.
So far we did not merge it because of Michael's reasonable concerns
(see https://github.com/apache/ofbiz-framework/pull/819)
The framework part begins to have conflicts to resolve... simple
for now....
I hope to soon update Freemarker to 2.3.34
see
https://issues.apache.org/jira/browse/OFBIZ-13131
and
https://lists.apache.org/thread/mczcsc04hl83spkdt66y25z2nqsgyz51
I'm also concerned about
https://www.cve.org/CVERecord?id=CVE-2024-47554
What do you thing about all that?
TIA
