Wednesday, May 1, 2019

Re: Security Vulnerability Detected in GWT Library

Easly to update in upcoming releases than explain each other that it isn't critical :)

BTW GWT-RPC user protobuf? Thought about replacing REST with Protobuf but did not find ready to use solution (Java <-> GWT with APT generators). 


On Wednesday, April 10, 2019 at 10:28:23 AM UTC+2, wrote:
gwt-dev is only used during maven build or at least for the code server running on my workstation, this is not necessary.

May be gwt-servlet for old legacy apps thet still use GWT-RPC, but most now use REST service and REST clients.

Anyway thanks for your suggestions.

Have a nice day

Il giorno mercoledì 10 aprile 2019 10:26:00 UTC+2, Hrishikesh Joshi ha scritto:
GWT 2.8.2:


##### Description
Security Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are reported by Dependency checker tool

Below are the details -
1. Gwt-dev.jar - 
               1.1 Vulnerable version of jetty library(current version-- 9.2.14, available ) 
               1.2 Vulnerable version of commons-collections(current version - 3.2.1)
               1.3 Vulnerable version of org.apache.httpcomponents:httpclient(current version - 4.3.1)

2. Gwt-servlet.jar             
               1.1 Vulnerable version of Google Protobuf(current version - 2.5.0, available version - 3.4.0)

##### Steps to reproduce
Refer instruction from following web site.

Is community going to update 3rd party library used by GWT to remove these Vulnerability ?

You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at
For more options, visit

No comments:

Post a Comment