January 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1534794] New: httpcomponents-core-4.4.9 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1534794 Bug ID: 1534794 Summary: httpcomponents-core-4.4.9 is available Product: Fedora Version: rawhide Component: httpcomponents-core Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, sochotni(a)redhat.com Latest upstream release: 4.4.9 Current version/release in rawhide: 4.4.8-1.fc28 URL: http://www.apache.org/dist/httpcomponents/httpcore/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1333/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 3 months

1
1
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1534307 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 3 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

6 years, 3 months

1
0
0 / 0

[Bug 1469356] New: aether-ant-tasks: Port to XMvn 3.0.0

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1469356 Bug ID: 1469356 Summary: aether-ant-tasks: Port to XMvn 3.0.0 Product: Fedora Version: rawhide Component: aether-ant-tasks Assignee: mizdebsk(a)redhat.com Reporter: mizdebsk(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com aether-ant-tasks needs porting to XMvn 3.0.0 (or retiring). aether-ant-tasks has broken dependencies in the rawhide tree: aether-ant-tasks-1.0.1-6.fc26.noarch requires xmvn-launcher -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 3 months

1
6
0 / 0

[Bug 1532899] New: jetty-schemas-4.0.1 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1532899 Bug ID: 1532899 Summary: jetty-schemas-4.0.1 is available Product: Fedora Version: rawhide Component: jetty-schemas Keywords: FutureFeature, Triaged Assignee: msimacek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 4.0.1 Current version/release in rawhide: 4.0.0-3.b07.fc28 URL: http://www.eclipse.org/jetty/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/11764/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 3 months

1
1
0 / 0

[Bug 1462702] CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

by bugzilla＠redhat.com

6 years, 3 months

1
0
0 / 0

[Bug 958733] New: plexus-utils: suspicious shell quoting in org.codehaus.plexus.util.cli

by Red Hat Bugzilla

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=958733 Bug ID: 958733 Summary: plexus-utils: suspicious shell quoting in org.codehaus.plexus.util.cli Product: Fedora Version: 18 Component: plexus-utils Severity: unspecified Priority: unspecified Assignee: fnasser(a)redhat.com Reporter: fweimer(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Blocks: 958220 Category: --- The shell quoting logic in this package (and the org.codehaus.plexus.util.cli.shell) package looks fairly dangerous. It appears to be mostly dead code. Client code should be migrated to java.lang.ProcessBuilder. The different quoting options (single quotes, double quotes) are difficult to get right, and the reference to StringUtils is not particularly helpful because the caller has to provide the correct set of characters to be escaped, which is platform-dependent. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JhGrfK5sg6&a=cc_unsubscribe

6 years, 3 months

2
10
0 / 0

[Bug 1531975] New: maven-plugin-bundle-3.5.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1531975 Bug ID: 1531975 Summary: maven-plugin-bundle-3.5.0 is available Product: Fedora Version: rawhide Component: maven-plugin-bundle Keywords: FutureFeature, Triaged Assignee: msimacek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 3.5.0 Current version/release in rawhide: 3.4.0-1.fc28 URL: http://repo2.maven.org/maven2/org/apache/felix/maven-bundle-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1922/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
1
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 Václav Kadlčík <vkadlcik(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vkadlcik(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1532123] CVE-2017-17837 deltaspike: Apache DeltaSpike: XSS injection vulnerability in windowId handling [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1532123 Sam Fowler <sfowler(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1532124 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits January 2018