[
https://issues.apache.org/jira/browse/JAMES-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028711#comment-17028711
]
René Cordier edited comment on JAMES-3033 at 2/3/20 7:13 AM:
-------------------------------------------------------------
It seems oddly enough to introduce other issues with the `CustomImportOrder`
module. We have currently it defined like this in our checkstyle.xml conf file :
{code:xml}
<module name="CustomImportOrder">
<property name="customImportOrderRules"
value="STATIC###STANDARD_JAVA_PACKAGE###SPECIAL_IMPORTS"/>
<property name="specialImportsRegExp" value="org"/>
<property name="sortImportsInGroupAlphabetically" value="true"/>
</module>
{code}
Where before it seemed to work perfectly with our james import order, which
should be something like this:
{code:java}
import statics;
import java.*;
import javax.*;
import org.*;
import com.*;
import the rest;
{code}
Is it true for the com.* imports though? That's what is in my IntelliJ conf but
I don't see with the conf of `CustomImportOrder` why it shouldn't be just part
of the rest.
Anyway, still with the version 8.29, I get weird stuff like checkstyle is
expecting having java and javax packages together... I'm not sure if it became
more strict in the syntax and we did something wrong, or if a bug has been
introduced. I will dig more into it.
was (Author: rcordier):
It seems oddly enough to introduce other issues with the `CustomImportOrder`
module. We have currently it defined like this in our checkstyle.xml conf file :
{code:xml}
<module name="CustomImportOrder">
<property name="customImportOrderRules"
value="STATIC###STANDARD_JAVA_PACKAGE###SPECIAL_IMPORTS"/>
<property name="specialImportsRegExp" value="org"/>
<property name="sortImportsInGroupAlphabetically" value="true"/>
</module>
{code}
Where before it seemed to work perfectly with our james import order, which
should be something like this:
{code:java}
import statics;
import java.*;
import javax.*;
import org.*;
import com.*;
import the rest;
{code}
Is it true for the com.* imports though? That's what is in my IntelliJ conf but
I don't see with the conf of `CustomImportOrder` why it shouldn't be just part
of the rest.
Anyway, still with the version 8.29, I get weird stuff like checkstyle is
expecting having java and javax packages together... I'm not sure if it became
more strict and we did something wrong, or if a bug has been introduced. I will
dig more into it.
> Vulnerability found in dependency com.puppycrawl.tools:checkstyle
> -----------------------------------------------------------------
>
> Key: JAMES-3033
> URL: https://issues.apache.org/jira/browse/JAMES-3033
> Project: James Server
> Issue Type: Improvement
> Reporter: René Cordier
> Priority: Major
> Labels: security
>
> A vulnerability issue has been found in com.puppycrawl.tools:checkstyle :
> https://github.com/linagora/james-project/network/alert/pom.xml/com.puppycrawl.tools:checkstyle/open
> We need to fix it asap by upgrading it from version 8.23 to 8.29.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
