Re: Security issue in groovy<2.5.0

To: Emmanuel Bourg <ebourg@apache.org>
Cc: debian-java@lists.debian.org
Subject: Re: Security issue in groovy<2.5.0
From: Felix Natter <fnatter@gmx.net>
Date: Sat, 26 Aug 2017 18:14:10 +0200
Message-id: <[🔎] 87h8wuux0t.fsf@bitburger.home.felix>
In-reply-to: <[🔎] d6318a67-aeec-5ef8-de12-d20cccc361d1@apache.org> (Emmanuel Bourg's message of "Sat, 26 Aug 2017 17:54:14 +0200")
References: <[🔎] 87valmm50y.fsf@bitburger.home.felix> <[🔎] d6318a67-aeec-5ef8-de12-d20cccc361d1@apache.org>

Emmanuel Bourg <ebourg@apache.org> writes:

> Le 17/08/2017 à 20:18, Felix Natter a écrit :

hi Emmanuel,

>> So the question is: Can I package freeplane without the 'securegroovy'
>> library, expecting that groovy 2.5 will be released soon, and will
>> shortly after be packaged for Debian?
>
> Yes ignore securegroovy, we have to directly patch or upgrade our groovy
> package in this case.

The problem is that it may take weeks/months for groovy 2.5 to be
released, and weeks/months until it's packaged for Debian.

I would like to package freeplane 1.6.5 this/next week, and I guess
freeplane users expect that this version is safe. So shall I package
securegroovy, and throw it away soon?

Cheers and Best Regards,
-- 
Felix Natter

Reply to:

Follow-Ups:
- Re: Security issue in groovy<2.5.0
  - From: Emmanuel Bourg <ebourg@apache.org>

References:
- Security issue in groovy<2.5.0
  - From: Felix Natter <fnatter@gmx.net>
- Re: Security issue in groovy<2.5.0
  - From: Emmanuel Bourg <ebourg@apache.org>

Prev by Date: Re: Security issue in groovy<2.5.0
Next by Date: Re: Security issue in groovy<2.5.0
Previous by thread: Re: Security issue in groovy<2.5.0
Next by thread: Re: Security issue in groovy<2.5.0
Index(es):
- Date
- Thread