Hi Lewis Getting one of the latest releases should be fine; while I've been out of touch with CXF recently, I can ask around for some version advice as the guys deal with the security vulnerabilities seriously there, if addressing this issue proves problematic Cheers, Sergey
On Tue, Apr 7, 2020 at 10:44 PM Lewis John McGibbney <lewi...@apache.org> wrote: > I suspected this was the case folks :) > I actually really like this idea. > I'll take the action item to address this seeing as I pulled it up... > seeing as I am also working on tika-server right now I'll also take the > action item to address the vulnerable CXF deps. > Thanks, > Lewis > > On 2020/04/06 16:19:16, Tim Allison <talli...@apache.org> wrote: > > >We shouldn't have any at release time, but they will obviously creep in > > between releases > > > > Except the time, where I did the release and was trying to build it for > > updating the site, and this had already kicked in. :( > > > > Y, we can turn this to warn, as long as we run it with fail as part of > the > > release process. > > > > On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <apa...@gagravarr.org> wrote: > > > > > On Mon, 6 Apr 2020, Eric Pugh wrote: > > > > Maybe this needs better documentation, however this is a “works as > > > > designed” feature! > > > > > > > > To avoid the build failing, run mvn package -Dossindex.fail=false > > > > > > Should we maybe have this set to false by default, and only enabled > > > on release builds? > > > > > > (We shouldn't have any at release time, but they will obviously creep > in > > > between releases) > > > > > > Nick > > >
