Re: Security issue in groovy<2.5.0
Emmanuel Bourg <ebourg@apache.org> writes:
> Le 17/08/2017 à 20:18, Felix Natter a écrit :
hi Emmanuel,
>> So the question is: Can I package freeplane without the 'securegroovy'
>> library, expecting that groovy 2.5 will be released soon, and will
>> shortly after be packaged for Debian?
>
> Yes ignore securegroovy, we have to directly patch or upgrade our groovy
> package in this case.
The problem is that it may take weeks/months for groovy 2.5 to be
released, and weeks/months until it's packaged for Debian.
I would like to package freeplane 1.6.5 this/next week, and I guess
freeplane users expect that this version is safe. So shall I package
securegroovy, and throw it away soon?
Cheers and Best Regards,
--
Felix Natter
Reply to: