[jira] [Resolved] (SLIDER-1091) Upgrade test-time dependency on Groovy to 2.4.4

Steve Loughran (JIRA) Wed, 24 Feb 2016 08:50:43 -0800

     [ 
https://issues.apache.org/jira/browse/SLIDER-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Steve Loughran resolved SLIDER-1091.
------------------------------------
       Resolution: Duplicate
    Fix Version/s: Slider 0.90.2

> Upgrade test-time dependency on Groovy to 2.4.4
> -----------------------------------------------
>
>                 Key: SLIDER-1091
>                 URL: https://issues.apache.org/jira/browse/SLIDER-1091
>             Project: Slider
>          Issue Type: Bug
>          Components: build, security, test
>    Affects Versions: Slider 0.90.2
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>             Fix For: Slider 0.90.2
>
>
> [CVE-2015-3253|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3253] 
> means that the groovy version we use for tests must be considered insecure.
> There is no vulnerability in Slider release: We don't distribute groovy. Nor 
> we do any object serialization, which is the vulnerability. However, we 
> should upgrade anyway



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (SLIDER-1091) Upgrade test-time dependency on Groovy to 2.4.4

Reply via email to