Re: Security Vulnerability Detected in GWT Library
Are there any plans to update this in GWT 2.9.0? Are there any technical limitations which are holding GWT from updating this? If there are no technical limitations and the only issue is contribution to open source, then I would like to know that.

On Thursday, 2 May 2019 14:00:39 UTC+5:30, t.b...@gmail.com wrote:
>
> On Wednesday, May 1, 2019 at 8:58:03 PM UTC+2, foal wrote:
>>
>> Easier to update in upcoming releases than explain each other that it
>> isn't critical :)
>>
>> BTW GWT-RPC uses protobuf?
>
> The protobuf in gwt-servlet is an internal dependency for sourcemaps and
> streamhtmlparser (used in server-side SafeHtml)
> See https://github.com/gwtproject/gwt/issues/9659
>
>> Thought about replacing REST with Protobuf but did not find ready to use
>> solution (Java <-> GWT with APT generators).
>
> Maybe grpc-web would be usable nowadays?

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-web-toolkit/9d5cb600-480c-41d9-8501-7011e77844b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Security Vulnerability Detected in GWT Library
On Wednesday, May 1, 2019 at 8:58:03 PM UTC+2, foal wrote:
>
> Easier to update in upcoming releases than explain each other that it isn't
> critical :)
>
> BTW GWT-RPC uses protobuf?

The protobuf in gwt-servlet is an internal dependency for sourcemaps and streamhtmlparser (used in server-side SafeHtml).
See https://github.com/gwtproject/gwt/issues/9659

> Thought about replacing REST with Protobuf but did not find ready to use
> solution (Java <-> GWT with APT generators).

Maybe grpc-web would be usable nowadays?

Re: Security Vulnerability Detected in GWT Library
Easier to update in upcoming releases than explain each other that it isn't critical :)

BTW GWT-RPC uses protobuf?

Thought about replacing REST with Protobuf but did not find ready to use solution (Java <-> GWT with APT generators).

Stas.

On Wednesday, April 10, 2019 at 10:28:23 AM UTC+2, luca@gmail.com wrote:
>
> gwt-dev is only used during Maven build or at least for the code server
> running on my workstation, this is not necessary.
>
> Maybe gwt-servlet for old legacy apps that still use GWT-RPC, but most
> now use REST service and REST clients.
>
> Anyway thanks for your suggestions.
>
> Have a nice day
>
> On Wednesday, 10 April 2019 at 10:26:00 UTC+2, Hrishikesh Joshi wrote:
>>
>> GWT 2.8.2:
>> All
>> All
>>
>> ---
>>
>> # Description
>> Security vulnerabilities detected in gwt-dev.jar & gwt-servlet.jar are
>> reported by the Dependency checker tool
>> https://jeremylong.github.io/DependencyCheck/
>>
>> Below are the details -
>> 1. Gwt-dev.jar -
>>    1.1 Vulnerable version of jetty library (current version - 9.2.14, available )
>>    1.2 Vulnerable version of commons-collections (current version - 3.2.1)
>>    1.3 Vulnerable version of org.apache.httpcomponents:httpclient (current version - 4.3.1)
>>
>> 2. Gwt-servlet.jar
>>    1.1 Vulnerable version of Google Protobuf (current version - 2.5.0, available version - 3.4.0)
>>
>> # Steps to reproduce
>> Refer to the instructions on the following web site.
>> https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html
>>
>> Is the community going to update the 3rd party libraries used by GWT to remove
>> these vulnerabilities?

Re: Security Vulnerability Detected in GWT Library
gwt-dev is only used during Maven build or at least for the code server running on my workstation, this is not necessary.

Maybe gwt-servlet for old legacy apps that still use GWT-RPC, but most now use REST service and REST clients.

Anyway thanks for your suggestions.

Have a nice day

On Wednesday, 10 April 2019 at 10:26:00 UTC+2, Hrishikesh Joshi wrote:
>
> GWT 2.8.2:
> All
> All
>
> ---
>
> # Description
> Security vulnerabilities detected in gwt-dev.jar & gwt-servlet.jar are
> reported by the Dependency checker tool
> https://jeremylong.github.io/DependencyCheck/
>
> Below are the details -
> 1. Gwt-dev.jar -
>    1.1 Vulnerable version of jetty library (current version - 9.2.14, available )
>    1.2 Vulnerable version of commons-collections (current version - 3.2.1)
>    1.3 Vulnerable version of org.apache.httpcomponents:httpclient (current version - 4.3.1)
>
> 2. Gwt-servlet.jar
>    1.1 Vulnerable version of Google Protobuf (current version - 2.5.0, available version - 3.4.0)
>
> # Steps to reproduce
> Refer to the instructions on the following web site.
> https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html
>
> Is the community going to update the 3rd party libraries used by GWT to remove these
> vulnerabilities?

Security Vulnerability Detected in GWT Library
GWT 2.8.2:
All
All

---

# Description
Security vulnerabilities detected in gwt-dev.jar & gwt-servlet.jar are reported by the Dependency checker tool
https://jeremylong.github.io/DependencyCheck/

Below are the details -
1. Gwt-dev.jar -
   1.1 Vulnerable version of jetty library (current version - 9.2.14, available )
   1.2 Vulnerable version of commons-collections (current version - 3.2.1)
   1.3 Vulnerable version of org.apache.httpcomponents:httpclient (current version - 4.3.1)

2. Gwt-servlet.jar
   1.1 Vulnerable version of Google Protobuf (current version - 2.5.0, available version - 3.4.0)

# Steps to reproduce
Refer to the instructions on the following web site.
https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html

Is the community going to update the 3rd party libraries used by GWT to remove these vulnerabilities?
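
Added example (not part of the thread and not GWT project code): the report above concerns third-party libraries bundled inside gwt-dev.jar and gwt-servlet.jar, and the replies distinguish the build-time jar from the one deployed with the application. This Python example inventories libraries embedded in a jar through their `META-INF/maven/.../pom.properties` entries and tags each with that scope. Assumptions: the sample jars are constructed in memory, the Jetty coordinate `org.eclipse.jetty:jetty-server` and the `JAR_SCOPE` table are illustrative, and repackaged jars do not always keep these metadata files.

```python
import io
import zipfile

# Scope per jar as described in the thread (assumption; adjust to your deployment).
JAR_SCOPE = {"gwt-dev.jar": "build-time", "gwt-servlet.jar": "runtime"}

def parse_pom_properties(text):
    """Parse the key=value lines of a Maven pom.properties file, skipping comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def bundled_libraries(jar_bytes):
    """Return sorted (groupId, artifactId, version) tuples embedded in a jar."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                p = parse_pom_properties(jar.read(name).decode("utf-8", "replace"))
                if {"groupId", "artifactId", "version"} <= p.keys():
                    found.add((p["groupId"], p["artifactId"], p["version"]))
    return sorted(found)

def inventory(jars):
    # One row per bundled library: (jar, scope, groupId:artifactId, version).
    return [(jar, JAR_SCOPE.get(jar, "unknown"), f"{g}:{a}", v)
            for jar, data in sorted(jars.items())
            for g, a, v in bundled_libraries(data)]

def runtime_findings(rows):
    """Keep rows not known to be build-time only; unknown scope is kept for triage."""
    return [r for r in rows if r[1] != "build-time"]

# Constructed in-memory jars holding only pom.properties entries (not real GWT jars).
def make_jar(libs):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for g, a, v in libs:
            jar.writestr(f"META-INF/maven/{g}/{a}/pom.properties",
                         f"#Generated\ngroupId={g}\nartifactId={a}\nversion={v}\n")
    return buf.getvalue()

SAMPLE_JARS = {  # versions are the ones quoted in the report above
    "gwt-dev.jar": make_jar([("org.eclipse.jetty", "jetty-server", "9.2.14"),
                             ("commons-collections", "commons-collections", "3.2.1"),
                             ("org.apache.httpcomponents", "httpclient", "4.3.1")]),
    "gwt-servlet.jar": make_jar([("com.google.protobuf", "protobuf-java", "2.5.0")]),
}
if __name__ == "__main__":
    print(*inventory(SAMPLE_JARS), sep="\n")
```

On the constructed sample, `runtime_findings(inventory(SAMPLE_JARS))` leaves only the protobuf entry from gwt-servlet.jar, which matches the split the replies draw between the two jars.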