Security issue in groovy<2.5.0
hello debian-java,
freeplane 1.5/1.6 added a library [1] which uses byte-buddy to fix a
security problem in groovy < 2.5.0 [2]. The fix will be included in
groovy 2.5, which should be released soon (currently at 2.5.0-beta-2).
So the question is: Can I package freeplane without the 'securegroovy'
library, expecting that groovy 2.5 will be released soon, and will
shortly after be packaged for Debian?
[1] https://github.com/dpolivaev/securegroovy/
[2] https://issues.apache.org/jira/browse/GROOVY-8163
(freeplane maps include groovy scripts which can escape the sandbox)
Thanks and Best Regards,
--
Felix Natter
Reply to: