Uploaded image for project: 'Apache Tentacles'
  1. Apache Tentacles
  2. TENTACLES-19

Get rid of old velocity version and gain the ability to update to the latest ASF parent pom v32

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      Tentacles uses an older velocity within itself, that contains a security issue CVE-2020-13936 / GHSA Id: GHSA-59j4-wjwp-mw9m
      https://github.com/advisories/GHSA-59j4-wjwp-mw9m

      This version uses commons-lang v2.x, which causes an issue while updating to the latest ASF v32 parent pom, as it introduces commons-lang3 by default, which results in an build error:

      Caused by: org.apache.maven.plugin.PluginContainerException: A required class was missing while executing org.apache.maven.plugins:maven-jar-plugin:3.4.0:jar: org/apache/commons/io/file/attribute/FileTimes

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #119

          Activity

            People

              pottlinger Philipp Ottlinger
              pottlinger Philipp Ottlinger
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: