Re: Remove groovy
On 2007-11-02, Moritz Muehlenhoff <jmm@inutil.org> wrote:
> It was reported to the Security Team, that groovy embeds a lot of packages,
> several of them security-sensitive:
>
> /usr/share/groovy/lib/axion-1.0-M3-dev.jar
> /usr/share/groovy/lib/commons-collections-3.0-dev2.jar
> /usr/share/groovy/lib/commons-httpclient-2.0.1.jar
> /usr/share/groovy/lib/nekohtml-0.7.7.jar
> /usr/share/groovy/lib/openejb-loader-0.9.2.jar
> /usr/share/groovy/lib/qdox-1.3.jar
> /usr/share/groovy/lib/radeox-0.9.jar
> /usr/share/groovy/lib/radeox-oro-0.9.jar
> /usr/share/groovy/lib/xerces-2.4.0.jar
> /usr/share/groovy/lib/xml-apis-1.0.b2.jar
> /usr/share/groovy/lib/servlet-2.3.jar
> /usr/share/groovy/lib/regexp.jar
> /usr/share/groovy/lib/mx4j.jar
> /usr/share/groovy/lib/mockobjects-core.jar
> /usr/share/groovy/lib/junit.jar
> /usr/share/groovy/lib/commons-logging.jar
> /usr/share/groovy/lib/commons-cli.jar
> /usr/share/groovy/lib/classworlds-1.0.jar
> /usr/share/groovy/lib/bsf.jar
> /usr/share/groovy/lib/asm-util.jar
> /usr/share/groovy/lib/asm.jar
> /usr/share/groovy/lib/asm-attrs.jar
> /usr/share/groovy/lib/asm-analysis.jar
>
> Since it's in contrib, it's not security-supported, but given the state of it (outdated,
> hardly any users) it should likely be just removed?
Unless anyone objects within the next days, I'll file an RM bug.
Cheers,
Moritz
Reply to: