On Fri, 26 Feb 2021 at 16:06, robertlazarski
wrote:
> On my linux mint 20 machine that file is a symbolic link to
> /etc/maven/m2.conf, a file to which everyone has read access.
>
>>
>> I've also updated the jre java security policy config to give everyone
>> read access to this file. It makes no
Are you building with JDK 11? That won't have the system dep for tools.jar,
but as mentioned I didn't see it get pulled into the Axis2 build via maven.
On Fri, Feb 26, 2021 at 10:23 AM robertlazarski
wrote:
> There are no known CVE's in git for either Axis 1.x or Axis2.
>
> Strangely I don't see
There are no known CVE's in git for either Axis 1.x or Axis2.
Strangely I don't see that Axis2 dep error via "mvn dependency:analyze" nor
do I see that jar in ~/.m2 .
On Fri, Feb 26, 2021 at 12:19 AM Andrew Marlow
wrote:
> Hello everyone,
>
> I am trying to find out what CVE issues there are wi
On Fri, Feb 26, 2021 at 5:57 AM Andrew Marlow
wrote:
>
>
> On Fri, 26 Feb 2021 at 15:26, robertlazarski
> wrote:
>
>> That's a maven error beyond the scope of axis2, but anyways what do these
>> commands show?
>>
>> ls -l /etc/maven/m2.conf
>> whoami
>> groups
>>
>
> On my linux mint 20 machine
On Fri, 26 Feb 2021 at 15:26, robertlazarski
wrote:
> That's a maven error beyond the scope of axis2, but anyways what do these
> commands show?
>
> ls -l /etc/maven/m2.conf
> whoami
> groups
>
On my linux mint 20 machine that file is a symbolic link to
/etc/maven/m2.conf, a file to which everyo
That's a maven error beyond the scope of axis2, but anyways what do these
commands show?
ls -l /etc/maven/m2.conf
whoami
groups
On Thu, Feb 25, 2021 at 11:45 PM Andrew Marlow
wrote:
> Hello Robert, thank you for your quick reply. But now there is another
> problem:
>
> I just tried building the
Spring is updated too.
As an FYI, we now have "dependabot" automatically sending pull requests on
deps.
On Fri, Feb 26, 2021 at 5:16 AM robertlazarski
wrote:
> This is fixed in the Axis2 git repo as we switched entirely to log4j2.
>
> On Fri, Feb 26, 2021 at 1:42 AM Andrew Marlow
> wrote:
>
>
This is fixed in the Axis2 git repo as we switched entirely to log4j2.
On Fri, Feb 26, 2021 at 1:42 AM Andrew Marlow
wrote:
> Hello everyone,
>
> I have noticed that axis2 depends on log4j version 1 and spring framework
> 2.5.1. These have significant CVEs. Are there any plans for axis2 to move
Hello everyone,
I have noticed that axis2 depends on log4j version 1 and spring framework
2.5.1. These have significant CVEs. Are there any plans for axis2 to move
off these vulnerable components please?
log4j-v1
Apache Axis2 - Transport - testkit
Apache Axis2 - tool - WSDL2Code Maven Plu
Hello everyone,
I am trying to find out what CVE issues there are with axis2. I am using
the owasp maven plugin. With the appropriate plugin section added to the
pom I get a build error:
[INFO] < org.apache.axis2:axis2-jibx
>-
[INFO] Building Apache Axis2 -
Hello Robert, thank you for your quick reply. But now there is another
problem:
I just tried building the latest via git clone and got this weird
permission error:
Building: AXIS2-5782/pom.xml
The build exited with code 100. See
/home/marlowa/mystuff/axis2-build/latest-from-git/axis-axis2-java-co
11 matches
Mail list logo
