[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Confusing org.apache.batik versions

On Wed, Sep 27, 2017 at 7:59 AM, Aleksandar Kurtakov
<akurtako@xxxxxxxxxx> wrote:
> On Wed, Sep 27, 2017 at 1:48 PM, Ed Willink <ed@xxxxxxxxxxxxx> wrote:
>> I suspect that the inconsistent versions are the problem in both cases. Does
>> anyone know what is going on?
>
> Batik versions prior to 1.9 suffer from
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5662
> (batik-svg.jar) but removing part of batik release will raise more
> questions IMHO Orbit should drop all pre 1.9 in Photon stream.

This sounds fine to me. Sorry for the confusion. I'll have them removed
for Photon M3. It was simple enough to ask 1.8 be removed as part of
introducing 1.9 as it was the same project requesting/using the updated
version.

Cheers,
Roland Grunberg