Uploaded image for project: 'Causeway'
  1. Causeway
  2. CAUSEWAY-1635

Upgrade dependency to resteasy

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.14.0
    • 2.0.0-M2
    • Viewer RO
    • None

    Description

      org.codehaus.jackson brings in some vulnerabilities:

      [INFO] |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-server:jar:1.14.0:compile
[INFO] |  |  +- org.apache.isis.core:isis-core-viewer-restfulobjects-rendering:jar:1.14.0:compile
[INFO] |  |  |  +- org.jboss.resteasy:resteasy-jaxb-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] |  |  |  |  |  +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] |  |  |  |  |  |  +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] |  |  |  |  |  |  \- com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] |  |  |  |  |  \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] |  |  |  |  |     \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] |  |  |  |  \- org.jboss.logging:jboss-logging:jar:3.1.4.GA:compile
[INFO] |  |  |  +- org.jboss.resteasy:resteasy-jackson-provider:jar:3.0.14.Final:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.12:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.12:compile
[INFO] |  |  |  |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.12:compile
[INFO] |  |  |  |  \- org.codehaus.jackson:jackson-xc:jar:1.9.12:compile

      Please upgrade to 3.1.3Final if feasible:

      <dependency>
    <groupId>org.jboss.resteasy</groupId>
    <artifactId>resteasy-jaxb-provider</artifactId>
    <version>3.1.3.Final</version>
</dependency>
<dependency>
    <groupId>org.jboss.resteasy</groupId>
    <artifactId>resteasy-jackson-provider</artifactId>
    <version>3.1.3.Final</version>
</dependency>

      Attachments

        Issue Links

        Is contained by

        Improvement - An improvement or enhancement to an existing feature or task. CAUSEWAY-1779 Transition to JAX-RS 2.0 Client API

        • Major - Major loss of function.
        • Closed
        relates to

        Improvement - An improvement or enhancement to an existing feature or task. CAUSEWAY-1771 Restful viewer shows unreadable warnings

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            hobrom Andi Huber
            joerg.rade Jörg Rade
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment