mybatis-velocity Apache Velocity 1.7 vulnerability

[Sean Kunevich]

Thanks for your work on mybatis-velocity.  Our company has a corporate scanning tool that checks jars for known security vulnerabilities before releasing and has flagged apache-velocity 1.7 as a jar having a high security vulnerability.  We are using the latest 1.4 release of mybatis-velocity which pulls in apache-velocity 1.7.  We know we are not vulnerable but we have a blanket policy that we can no longer ignore and our jar is included in many internal projects.  I noticed that velocity is upgraded in the 2.0-SNAPSHOT https://github.com/mybatis/velocity-scripting/blob/master/pom.xml.  Do you plan on releasing 2.0 anytime soon or is there something preventing a release?

Thanks,

Sean

[Iwao AVE!]

Hi Sean,

Have you tried 2.0-SNAPSHOT with your solution?

If you could confirm it's ready, I can do the release.

Regards,

Iwao

--
You received this message because you are subscribed to the Google Groups "mybatis-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mybatis-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Sean Kunevich]

That would be amazing!  I have not tried the snapshot yet but let me do so now, run the unit tests and have our QA team run their regression tests.

Thanks,

Sean

You received this message because you are subscribed to a topic in the Google Groups "mybatis-user" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mybatis-user/URQ0ajkUxV0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mybatis-user...@googlegroups.com.