jcabi-github icon indicating copy to clipboard operation
jcabi-github copied to clipboard

Published 20 hours ago verified publisher icon jcabi

some dependencies are outdated

Open yegor256 opened this issue 9 years ago • 11 comments

See https://www.versioneye.com/user/projects/561a9e43a193340f2800106e#tab-security

xercesImpl : 2.11.0 

Apache Xerces: XMLScanner resource exhaustion
https://bugzilla.redhat.com/CVE-2013-4002
http://svn.apache.org/viewvc?view=revision&revision=1499506
https://bugzilla.redhat.com/CVE-2013-4002
http://svn.apache.org/viewvc?view=revision&revision=1499506
Affected versions: <=2.11.0

Let's upgrade to fix this.

yegor256 avatar Nov 10 '15 08:11 yegor256

@yegor256 I added bug tag to this ticket

dmarkov avatar Nov 13 '15 09:11 dmarkov

@yegor256 thanks a lot for reporting, 15 mins added to your acc, pmt ID 000-3f7adc0e

dmarkov avatar Nov 13 '15 12:11 dmarkov

@dmarkov May I have this ticket? It is blocking a ticket on Rultor that I am working on.

jacbi-github is a depedency for Rultor and Rultor also needs to upgrade to xembly .22 . In order to upgrade jcabi-github and xembly on Rultor, this needs to be upgraded first.

JimmySpivey avatar Jan 26 '16 09:01 JimmySpivey

@dmarkov May I have this ticket? It is blocking a ticket on Rultor that I am working on.

jacbi-github is a depedency for Rultor and Rultor also needs to upgrade to xembly .22 . In order to upgrade jcabi-github and xembly on Rultor, this needs to be upgraded first.

@jimdeanspivey ask @yegor256, he is the architect

dmarkov avatar Jan 28 '16 07:01 dmarkov

@yegor256 Yegor, thoughts on if I should join this project and fix this ticket ?

JimmySpivey avatar Feb 01 '16 09:02 JimmySpivey

@dmarkov please assign @JimDeanSpivey to this task

yegor256 avatar Feb 03 '16 05:02 yegor256

@dmarkov please assign @JimDeanSpivey to this task

@yegor256 OK @jimdeanspivey please go ahead, this task is yours

dmarkov avatar Feb 04 '16 10:02 dmarkov

@dmarkov Thanks. I think I need to be added to the 'jcabi-github' team in order to continue.

JimmySpivey avatar Feb 04 '16 10:02 JimmySpivey

@dmarkov Thanks. I think I need to be added to the 'jcabi-github' team in order to continue.

@jimdeanspivey no, you don't need this

dmarkov avatar Feb 08 '16 09:02 dmarkov

@jimdeanspivey the task is your hands for the last 18 days.. keep in mind that if it's not closed in the next 24 hours, it will be re-assigned to someone else, see No Obligations principle. This article should help if you're stuck; -30 added to your rating, at the moment it is: -142

dmarkov avatar Feb 23 '16 07:02 dmarkov

@jimdeanspivey this task is taking too long, I have to change the performer, sorry. Please stop working with it right now. See our no obligations principle

added -60 to your rating, now it is equal to -202

dmarkov avatar Feb 29 '16 09:02 dmarkov