maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylwester Lachiewicz (Jira)" <j...@apache.org>
Subject [jira] [Closed] (MINDEXER-120) Remove TrueZip dependency
Date Wed, 05 Feb 2020 22:50:00 GMT

     [ https://issues.apache.org/jira/browse/MINDEXER-120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sylwester Lachiewicz closed MINDEXER-120.
-----------------------------------------
    Resolution: Fixed

> Remove TrueZip dependency
> -------------------------
>
>                 Key: MINDEXER-120
>                 URL: https://issues.apache.org/jira/browse/MINDEXER-120
>             Project: Maven Indexer
>          Issue Type: Improvement
>            Reporter: Sylwester Lachiewicz
>            Assignee: Sylwester Lachiewicz
>            Priority: Major
>             Fix For: 6.0.1
>
>
> Starting from Java 7 b55 [4681995|https://bugs.java.com/bugdatabase/view_bug.do?bug_id=4681995] we
have support for big zip files (ZIP64) in core java.
> Removing TrueZip would also remove dependency to potentially vulnerable dependencies org.bouncycastle:bcprov-jdk15on
and org.apache.commons:commons-compress
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32368]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32366]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32361]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32362]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32340]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32364]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32473]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-72275]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32367]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32363]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-173771]
> [https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-32365]
>  
> Credits to: [https://snyk.io/]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message