[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Confusing org.apache.batik versions

On Wed, Sep 27, 2017 at 1:48 PM, Ed Willink <ed@xxxxxxxxxxxxx> wrote:
> Hi
>
> I raised https://bugs.eclipse.org/bugs/show_bug.cgi?id=522740 but nobody
> seems to be listening...
>
> The latest Orbit has batik 1.6.0, 1.7.0, 1.9.0 whereas Oxygen had 1.6.0,
> 1.7.0, 1.8.0.
>
> Why no 1.8.0 in the latest Orbit? When trying to build/test against the
> 4.8M2 platform I either get some no-provider-for-1.8.0 build failures or
> some no-diagnosis test fails.
>
> I suspect that the inconsistent versions are the problem in both cases. Does
> anyone know what is going on?

Batik versions prior to 1.9 suffer from
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5662
(batik-svg.jar) but removing part of batik release will raise more
questions IMHO Orbit should drop all pre 1.9 in Photon stream.

>
>     Regards
>
>         Ed Willink
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev



-- 
Alexander Kurtakov
Red Hat Eclipse Team