james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From René Cordier (Jira) <server-...@james.apache.org>
Subject [jira] [Commented] (JAMES-3033) Vulnerability found in dependency com.puppycrawl.tools:checkstyle
Date Mon, 03 Feb 2020 07:13:00 GMT

    [ https://issues.apache.org/jira/browse/JAMES-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17028711#comment-17028711

René Cordier commented on JAMES-3033:

It seems oddly enough to introduce other issues with the `CustomImportOrder` module. We have
currently it defined like this in our checkstyle.xml conf file :

<module name="CustomImportOrder">
      <property name="customImportOrderRules" value="STATIC###STANDARD_JAVA_PACKAGE###SPECIAL_IMPORTS"/>
      <property name="specialImportsRegExp" value="org"/>
      <property name="sortImportsInGroupAlphabetically" value="true"/>

Where before it seemed to work perfectly with our james import order, which should be something
like this:

import statics;

import java.*;

import javax.*;

import org.*;

import com.*; 

import the rest;

Is it true for the com.* imports though? That's what is in my IntelliJ conf but I don't see
with the conf of `CustomImportOrder` why it shouldn't be just part of the rest.

Anyway, still with the version 8.29, I get weird stuff like checkstyle is expecting having
java and javax packages together... I'm not sure if it became more strict and we did something
wrong, or if a bug has been introduced. I will dig more into it.

> Vulnerability found in dependency com.puppycrawl.tools:checkstyle
> -----------------------------------------------------------------
>                 Key: JAMES-3033
>                 URL: https://issues.apache.org/jira/browse/JAMES-3033
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: René Cordier
>            Priority: Major
>              Labels: security
> A vulnerability issue has been found in com.puppycrawl.tools:checkstyle : https://github.com/linagora/james-project/network/alert/pom.xml/com.puppycrawl.tools:checkstyle/open
> We need to fix it asap by upgrading it from version 8.23 to 8.29. 

This message was sent by Atlassian Jira

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message