[TENTACLES-19] Get rid of old velocity version and gain the ability to update to the latest ASF parent pom - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 0.2
Labels:
None

Description

Tentacles uses an older velocity within itself, that contains a security issue CVE-2020-13936 / GHSA Id: GHSA-59j4-wjwp-mw9m
https://github.com/advisories/GHSA-59j4-wjwp-mw9m

This version uses commons-lang v2.x, which causes an issue while updating to the latest ASF v32 parent pom, as it introduces commons-lang3 by default, which results in an build error:

Caused by: org.apache.maven.plugin.PluginContainerException: A required class was missing while executing org.apache.maven.plugins:maven-jar-plugin:3.4.0:jar: org/apache/commons/io/file/attribute/FileTimes

Attachments

Issue Links

links to

GitHub Pull Request #119

GitHub Pull Request #134

Activity

People

Assignee:: Philipp Ottlinger

Reporter:: Philipp Ottlinger

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 27/Apr/24 21:49

Updated:: 16/Dec/24 23:15