ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gintautas Grigelionis <g.grigelio...@gmail.com>
Subject Re: Tooling update
Date Sat, 09 Jun 2018 07:08:19 GMT
Thanks, Stefan. Meanwhile, SpotBugs is reactivated in the nighlies now.
I noticed, however, that execution order is important: if SpotBugs runs
before Checkstyle,
the latter bails out because of ANTLR.

Gintas

2018-06-08 20:42 GMT+02:00 Stefan Bodewig <bodewig@apache.org>:

> On 2018-06-08, Gintautas Grigelionis wrote:
>
> > Then I was surprised that Dependency Check indicates that the latest
> > XZ 1.8 has a vulnerability: should we ask them to investigate?
>
> That's a false positive.
>
> https://www.cvedetails.com/cve/CVE-2015-4035/ applies to the command
> line tooling and is not related to XZ for Java at all.
>
> Stefan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
> For additional commands, e-mail: dev-help@ant.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message