[GROOVY-9001] Bump picocli to 3.9.5 from 3.9.3 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.6
Fix Version/s: 2.5.7
Component/s: command line processing
Labels:
None

Description

This upgrade is important: native code included in jansi-1.14 (included in Gradle 4.5.x) seems to have a bug that can crash the JVM.

(Version details: RHEL 3.10.0-327.44.2.el7.x86_64 on Java 1.8.0_112-b15
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)).

Picocli 3.9.5 will only load jansi classes when running on Windows. Picocli versions 3.9.0 to 3.9.4 may load jansi classes when running on non-Windows platforms and are vulnerable to this problem.

Attachments

Activity

People

Assignee:: Remko Popma

Reporter:: Remko Popma

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Feb/19 05:59

Updated:: 19/Feb/19 12:26

Resolved:: 19/Feb/19 12:26