[jira] [Commented] (MSITE-828) Jdk 1.8 required / Upgrade Jetty Version 9.4.12

Sun, 11 Nov 2018 13:39:22 -0800 


    [ 
https://issues.apache.org/jira/browse/MSITE-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16683017#comment-16683017
 ] 

ASF GitHub Bot commented on MSITE-828:
--------------------------------------

oflebbe commented on issue #3: [MSITE-828] Upgrade jetty to recent version. 
Update to java 1.8 (required for jetty)
URL: https://github.com/apache/maven-site-plugin/pull/3#issuecomment-437706811
 
 
   Hi Michael,
   
   latest jetty 9.2.26 has at least four known vulnerabilities: CVE-2017-7656, 
CVE-2017-7658, CVE-2017-7657, CVE-2017-9735
   
   Some seem pretty serious to me. There seems to be a reason why it is not 
maintained any more.
   
   Do you want to argue that an Apache project can deliver insecure software 
since it is only used for "testing" ?
   
   Please keep in mind that the versions chosen will be picked up by 3rd party 
project through transitive dependencies.
   
   Best Regards,
   Olaf
   
   
   
   > Am 10.11.2018 um 13:17 schrieb Michael Osipov <notificati...@github.com>:
   > 
   > @olamy <https://github.com/olamy> @oflebbe <https://github.com/oflebbe> I 
definitvely see your point, but Jetty 9.2 does its job for testing. As for 
bumping a Java version: I see this as valid as soon as someone provides good 
code using those features. When I see how slow we are changing stuff, I don't 
see this happening beyond 2019. Just for the sake of upgrading, I wouldn't do 
this.
   > 
   > —
   > You are receiving this because you were mentioned.
   > Reply to this email directly, view it on GitHub 
<https://github.com/apache/maven-site-plugin/pull/3#issuecomment-437579945>, or 
mute the thread 
<https://github.com/notifications/unsubscribe-auth/ABH9eeibLjpo2qdLUHT5F8opv07OOdQrks5utsPTgaJpZM4YAUPQ>.
   > 
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Jdk 1.8 required / Upgrade Jetty Version 9.4.12
> -----------------------------------------------
>
>                 Key: MSITE-828
>                 URL: https://issues.apache.org/jira/browse/MSITE-828
>             Project: Maven Site Plugin
>          Issue Type: Task
>            Reporter: Olivier Lamy (*$^¨%`£)
>            Assignee: Olivier Lamy (*$^¨%`£)
>            Priority: Major
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to