How can I update dependencies to latest versions
9 views
Skip to first unread message
Andre Alefeld
Feb 28, 2024, 9:05:31 AM2/28/24
to Restlet Framework
Hi,
can anybody tell me how I would pull in the latest libraries folder of
https://github.com/restlet/restlet-framework-java ?
I tried to update the version numbers of the dependencies in modules
pom.xml files but haven't understood how to upgrade the libraries in the
libraries folder. Is there a special procedure to achieve that ?
My intention is to create a new restlet version that is mitigating
recent CVEs. Reason was running cyclonedx sbom and jfrog xray scanner on
the code showing me lots of vulnerabilities due to rather old library
dependencies.
thanks for any help,
Andre
can anybody tell me how I would pull in the latest libraries folder of
https://github.com/restlet/restlet-framework-java ?
I tried to update the version numbers of the dependencies in modules
pom.xml files but haven't understood how to upgrade the libraries in the
libraries folder. Is there a special procedure to achieve that ?
My intention is to create a new restlet version that is mitigating
recent CVEs. Reason was running cyclonedx sbom and jfrog xray scanner on
the code showing me lots of vulnerabilities due to rather old library
dependencies.
thanks for any help,
Andre
Thierry Boileau
Apr 4, 2024, 8:02:37 AM4/4/24
to Restlet Framework, aalefeld
Hello Andre,
we are currently preparing a new release (2.4.4) that upgrades libraries to fix CVEs.
Here is the related ticket: https://github.com/restlet/restlet-framework-java/issues/1407
Can you check it fits your needs?
Best regards,
Thierry Boileau
AAlefeld
Apr 4, 2024, 5:31:39 PM4/4/24
to Thierry Boileau, Restlet Framework
Hello Thierry,
thanks for your answer. Yes it is even better to get an officially released upgrade soon. For the sake of interest are the files/directories in restlet-framework-java/libraries/ automatically upgraded or is there manual upgrade for every component necessary. I was guessing that it might get pulled in automatically by the maven dependencies and its versions.
thanks,
Andre
thanks for your answer. Yes it is even better to get an officially released upgrade soon. For the sake of interest are the files/directories in restlet-framework-java/libraries/ automatically upgraded or is there manual upgrade for every component necessary. I was guessing that it might get pulled in automatically by the maven dependencies and its versions.
thanks,
Andre
Jerome Louvel
May 11, 2024, 5:49:28 PM5/11/24
to aale...@gmail.com, Thierry Boileau, Restlet Framework
Hi Andre,
Beside the imminent release of Restlet 2,4,4, we have started to work on Restlet 2.5 branch which will offer a Maven only build, facilitating the maintenance and addressing the current situation regarding CVEs.
Stay tuned,
Jerome
To unsubscribe from this group and stop receiving emails from it, send an email to framework-disc...@restlet.org.
Reply all
Reply to author
Forward
0 new messages