description from the CVE:
An attacker that is able to modify Velocity templates may execute arbitrary
Java code or run arbitrary system commands with the same privileges as the
account running the Servlet container. This applies to applications that allow
untrusted users to upload/modify velocit
Hi,
Does current code resolve the issue with velocity?
Before we should do some standard tasks
- review existing issues [1] - maybe some can be closed, and other can be
easy to fix
- review existing PR [2]
So community help will be appreciated.
Finally I can release the next version.
[1] htt
BTW org.apache.velocity:velocity used in 3.1.2 is reported as
vulnerable here:
https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-checkstyle-plugin/3.1.2
On Fri, 22 Apr 2022 at 10:42, Maxim Solodovnik wrote:
>
> 3.2.0-SNAPSHOT works as expected
> at least "Instanceof pattern matchi
3.2.0-SNAPSHOT works as expected
at least "Instanceof pattern matching" seems to pass checkstyle :)
On Thu, 21 Apr 2022 at 19:21, Falko Modler wrote:
>
> Hi Maxim,
>
> it works for me when adding checkstyle 9.3 (or other recent versions) as
> a plugin dependency, overriding the one that is shippe
Hi Maxim,
it works for me when adding checkstyle 9.3 (or other recent versions) as
a plugin dependency, overriding the one that is shipped by the plugin.
I never wait for plugin updates to update checkstyle, because checkstlye
is updated way more often than the plugin.
Cheers,
Falko
Am 21.04.
Hi,
Can you confirm that version 3.2.0-SNAPSHOT is working for you?
https://maven.apache.org/guides/development/guide-testing-development-plugins.html
czw., 21 kwi 2022 o 11:51 Maxim Solodovnik
napisał(a):
> Hello All,
>
> I would like to switch to the latest Java17 LTS
> But it seems latest m
Hello All,
I would like to switch to the latest Java17 LTS
But it seems latest maven-checkstyle-plugin doesn't work with new
java17 features :(
Maybe it would be possible to release new version?
Thanks in advance :)
--
Best regards,
Maxim
--