[
https://issues.apache.org/jira/browse/MINDEXER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028602#comment-17028602
] Sylwester Lachiewicz commented on MINDEXER-120: ----------------------------------------------- Done in [83520cf9ce298d1ec9af66cf17e9c55ffddd26fb|https://gitbox.apache.org/repos/asf?p=maven-indexer.git;a=commit;h=83520cf9ce298d1ec9af66cf17e9c55ffddd26fb] > Remove TrueZip dependency > ------------------------- > > Key: MINDEXER-120 > URL: https://issues.apache.org/jira/browse/MINDEXER-120 > Project: Maven Indexer > Issue Type: Improvement > Reporter: Sylwester Lachiewicz > Assignee: Sylwester Lachiewicz > Priority: Major > Fix For: 6.0.1 > > > Starting from Java 7 b55 > [4681995|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4681995] we > have support for big zip files (ZIP64) in core java. > Removing TrueZip would also remove dependency to potentially vulnerable > dependencies org.bouncycastle:bcprov-jdk15on and > org.apache.commons:commons-compress > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32368] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32366] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32361] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32362] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32340] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32364] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32473] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-72275] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32367] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32363] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-173771] > [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32365] > > Credits to: [https://snyk.io/] -- This message was sent by Atlassian Jira (v8.3.4#803005)
