[VALIDATOR] Update of packages used by Validator?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[VALIDATOR] Update of packages used by Validator?

Jon Champlin
 We have an internal product that we use that includes the
commons-validator package from the central Maven repository and when
running a third-party library scanner (Black Duck) on the jar file it
flagged commons-beanutils and commons-collections as having security
vulnerabilities.  I was wondering if there were plans in the near future to
release a new version of commons-validator that had the latest version of
compile dependencies for commons-beanutils, commons-collections and
commons-digester?
Reply | Threaded
Open this post in threaded view
|

Re: [VALIDATOR] Update of packages used by Validator?

garydgregory
I just updated in svn trunk the dependency Apache Commons BeanUtils from
1.9.2 to 1.9.3.

My hope is to see the community:

- Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
- Release Apache Commons Parent 45 (referencing  Apache Commons Release
plugin 1.1)
- Release other Apache Commons components like Validator.

Gary


On Wed, Feb 14, 2018 at 2:11 PM, Jon Champlin <[hidden email]>
wrote:

>  We have an internal product that we use that includes the
> commons-validator package from the central Maven repository and when
> running a third-party library scanner (Black Duck) on the jar file it
> flagged commons-beanutils and commons-collections as having security
> vulnerabilities.  I was wondering if there were plans in the near future to
> release a new version of commons-validator that had the latest version of
> compile dependencies for commons-beanutils, commons-collections and
> commons-digester?
>
Reply | Threaded
Open this post in threaded view
|

Re: [VALIDATOR] Update of packages used by Validator?

Rob Tompkins


> On Mar 13, 2018, at 3:20 PM, Gary Gregory <[hidden email]> wrote:
>
> I just updated in svn trunk the dependency Apache Commons BeanUtils from
> 1.9.2 to 1.9.3.
>
> My hope is to see the community:
>
> - Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
> - Release Apache Commons Parent 45 (referencing  Apache Commons Release
> plugin 1.1)
> - Release other Apache Commons components like Validator.

My plan is to test run commons-parent 45 on the next release. I’m indifferent over whether it’s Commons Text or Commons Validator. Is there a preference?

-Rob

>
> Gary
>
>
> On Wed, Feb 14, 2018 at 2:11 PM, Jon Champlin <[hidden email]>
> wrote:
>
>> We have an internal product that we use that includes the
>> commons-validator package from the central Maven repository and when
>> running a third-party library scanner (Black Duck) on the jar file it
>> flagged commons-beanutils and commons-collections as having security
>> vulnerabilities.  I was wondering if there were plans in the near future to
>> release a new version of commons-validator that had the latest version of
>> compile dependencies for commons-beanutils, commons-collections and
>> commons-digester?
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [VALIDATOR] Update of packages used by Validator?

garydgregory
On Tue, Mar 13, 2018 at 1:47 PM, Rob Tompkins <[hidden email]> wrote:

>
>
> > On Mar 13, 2018, at 3:20 PM, Gary Gregory <[hidden email]>
> wrote:
> >
> > I just updated in svn trunk the dependency Apache Commons BeanUtils from
> > 1.9.2 to 1.9.3.
> >
> > My hope is to see the community:
> >
> > - Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
> > - Release Apache Commons Parent 45 (referencing  Apache Commons Release
> > plugin 1.1)
> > - Release other Apache Commons components like Validator.
>
> My plan is to test run commons-parent 45 on the next release. I’m
> indifferent over whether it’s Commons Text or Commons Validator. Is there a
> preference?
>

Selfishly, I have a need for new Commons Text sooner rather than later.

Gary


>
> -Rob
>
> >
> > Gary
> >
> >
> > On Wed, Feb 14, 2018 at 2:11 PM, Jon Champlin <[hidden email]>
> > wrote:
> >
> >> We have an internal product that we use that includes the
> >> commons-validator package from the central Maven repository and when
> >> running a third-party library scanner (Black Duck) on the jar file it
> >> flagged commons-beanutils and commons-collections as having security
> >> vulnerabilities.  I was wondering if there were plans in the near
> future to
> >> release a new version of commons-validator that had the latest version
> of
> >> compile dependencies for commons-beanutils, commons-collections and
> >> commons-digester?
> >>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: [VALIDATOR] Update of packages used by Validator?

Rob Tompkins


> On Mar 13, 2018, at 3:48 PM, Gary Gregory <[hidden email]> wrote:
>
>> On Tue, Mar 13, 2018 at 1:47 PM, Rob Tompkins <[hidden email]> wrote:
>>
>>
>>
>>> On Mar 13, 2018, at 3:20 PM, Gary Gregory <[hidden email]>
>> wrote:
>>>
>>> I just updated in svn trunk the dependency Apache Commons BeanUtils from
>>> 1.9.2 to 1.9.3.
>>>
>>> My hope is to see the community:
>>>
>>> - Release Apache Commons Release Maven Pplugin 1.1 (this one is DONE :-)
>>> - Release Apache Commons Parent 45 (referencing  Apache Commons Release
>>> plugin 1.1)
>>> - Release other Apache Commons components like Validator.
>>
>> My plan is to test run commons-parent 45 on the next release. I’m
>> indifferent over whether it’s Commons Text or Commons Validator. Is there a
>> preference?
>>
>
> Selfishly, I have a need for new Commons Text sooner rather than later.

Ok. I’ll try to do both fairly quickly. It shouldn’t be too bad as the work to release is now smaller.

-Rob

>
> Gary
>
>
>>
>> -Rob
>>
>>>
>>> Gary
>>>
>>>
>>> On Wed, Feb 14, 2018 at 2:11 PM, Jon Champlin <[hidden email]>
>>> wrote:
>>>
>>>> We have an internal product that we use that includes the
>>>> commons-validator package from the central Maven repository and when
>>>> running a third-party library scanner (Black Duck) on the jar file it
>>>> flagged commons-beanutils and commons-collections as having security
>>>> vulnerabilities.  I was wondering if there were plans in the near
>> future to
>>>> release a new version of commons-validator that had the latest version
>> of
>>>> compile dependencies for commons-beanutils, commons-collections and
>>>> commons-digester?
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]