git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tooling update


Thanks, Stefan. Meanwhile, SpotBugs is reactivated in the nighlies now.
I noticed, however, that execution order is important: if SpotBugs runs
before Checkstyle,
the latter bails out because of ANTLR.

Gintas

2018-06-08 20:42 GMT+02:00 Stefan Bodewig <bodewig@xxxxxxxxxx>:

> On 2018-06-08, Gintautas Grigelionis wrote:
>
> > Then I was surprised that Dependency Check indicates that the latest
> > XZ 1.8 has a vulnerability: should we ask them to investigate?
>
> That's a false positive.
>
> https://www.cvedetails.com/cve/CVE-2015-4035/ applies to the command
> line tooling and is not related to XZ for Java at all.
>
> Stefan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@xxxxxxxxxxxxxx
> For additional commands, e-mail: dev-help@xxxxxxxxxxxxxx
>
>