Easly to update in upcoming releases than explain each other that it isn't critical :)
-- BTW GWT-RPC user protobuf? Thought about replacing REST with Protobuf but did not find ready to use solution (Java <-> GWT with APT generators).
Stas.
On Wednesday, April 10, 2019 at 10:28:23 AM UTC+2, luca....@gmail.com wrote:
On Wednesday, April 10, 2019 at 10:28:23 AM UTC+2, luca....@gmail.com wrote:
gwt-dev is only used during maven build or at least for the code server running on my workstation, this is not necessary.May be gwt-servlet for old legacy apps thet still use GWT-RPC, but most now use REST service and REST clients.Anyway thanks for your suggestions.Have a nice day
Il giorno mercoledì 10 aprile 2019 10:26:00 UTC+2, Hrishikesh Joshi ha scritto:GWT 2.8.2:AllAll---##### DescriptionSecurity Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are reported by Dependency checker toolBelow are the details -1. Gwt-dev.jar -1.1 Vulnerable version of jetty library(current version-- 9.2.14, available )1.2 Vulnerable version of commons-collections(current version - 3.2.1)1.3 Vulnerable version of org.apache.httpcomponents:httpclient(current version - 4.3.1) 2. Gwt-servlet.jar1.1 Vulnerable version of Google Protobuf(current version - 2.5.0, available version - 3.4.0)##### Steps to reproduceRefer instruction from following web site.Is community going to update 3rd party library used by GWT to remove these Vulnerability ?
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment