[ https://issues.apache.org/jira/browse/MSITE-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16683017#comment-16683017 ]
ASF GitHub Bot commented on MSITE-828:
--------------------------------------

oflebbe commented on issue #3: [MSITE-828] Upgrade jetty to recent version. Update to java 1.8 (required for jetty)
URL: https://github.com/apache/maven-site-plugin/pull/3#issuecomment-437706811

Hi Michael,

latest jetty 9.2.26 has at least four known vulnerabilities:
CVE-2017-7656, CVE-2017-7658, CVE-2017-7657, CVE-2017-9735

Some seem pretty serious to me. There seems to be a reason why it is not maintained any more.

Do you want to argue that an Apache project can deliver insecure software since it is only used for "testing"?

Please keep in mind that the versions chosen will be picked up by 3rd party projects through transitive dependencies.

Best Regards,
Olaf

> On 10.11.2018 at 13:17, Michael Osipov <notificati...@github.com> wrote:
>
> @olamy <https://github.com/olamy> @oflebbe <https://github.com/oflebbe> I definitively see your point, but Jetty 9.2 does its job for testing. As for bumping a Java version: I see this as valid as soon as someone provides good code using those features. When I see how slow we are changing stuff, I don't see this happening beyond 2019. Just for the sake of upgrading, I wouldn't do this.

> Jdk 1.8 required / Upgrade Jetty Version 9.4.12
> -----------------------------------------------
>
> Key: MSITE-828
> URL: https://issues.apache.org/jira/browse/MSITE-828
> Project: Maven Site Plugin
> Issue Type: Task
> Reporter: Olivier Lamy (*$^¨%`£)
> Assignee: Olivier Lamy (*$^¨%`£)
> Priority: Major