[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Confusing org.apache.batik versions

On 27/09/2017 16:42, Roland Grunberg wrote:
On Wed, Sep 27, 2017 at 7:59 AM, Aleksandar Kurtakov
<akurtako@xxxxxxxxxx> wrote:
On Wed, Sep 27, 2017 at 1:48 PM, Ed Willink <ed@xxxxxxxxxxxxx> wrote:
I suspect that the inconsistent versions are the problem in both cases. Does
anyone know what is going on?
Batik versions prior to 1.9 suffer from
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5662
(batik-svg.jar) but removing part of batik release will raise more
questions IMHO Orbit should drop all pre 1.9 in Photon stream.
This sounds fine to me. Sorry for the confusion. I'll have them removed
for Photon M3.

From my understanding of the situation, this may break GMF Runtime. GMF Runtime currently depends on Batik 1.6, for example org.apache.batik.bridge;bundle-version="[1.6.0,1.7.0)", which itself Require-Bundle: org.apache.batik.css;bundle-version="[1.6.0,1.7.0)". If Batik 1.6 is removed from Photon M3 either GMF Runtime will not build, or (if we continue to build against an older Orbit), will fail to aggregate.


I can try to update GMF Runtime to be compatible with Batik 1.9, but currently not all parts of Batik that GMF Runtime requires are available in v1.9 in Orbit, and I'm not sure I'll have the bandwidth to make all the changes required.

--

*Pierre-Charles David*
+33 2 51 13 52 18

<http://www.obeo.fr/>

7 Boulevard AmpÃre - Carquefou - France
*obeo.fr* <http://www.obeo.fr/> | *twitter* <https://twitter.com/obeo_corp> | *linkedin* <https://www.linkedin.com/company/obeo>