Remove groovy
It was reported to the Security Team, that groovy embeds a lot of packages,
several of them security-sensitive:
/usr/share/groovy/lib/axion-1.0-M3-dev.jar
/usr/share/groovy/lib/commons-collections-3.0-dev2.jar
/usr/share/groovy/lib/commons-httpclient-2.0.1.jar
/usr/share/groovy/lib/nekohtml-0.7.7.jar
/usr/share/groovy/lib/openejb-loader-0.9.2.jar
/usr/share/groovy/lib/qdox-1.3.jar
/usr/share/groovy/lib/radeox-0.9.jar
/usr/share/groovy/lib/radeox-oro-0.9.jar
/usr/share/groovy/lib/xerces-2.4.0.jar
/usr/share/groovy/lib/xml-apis-1.0.b2.jar
/usr/share/groovy/lib/servlet-2.3.jar
/usr/share/groovy/lib/regexp.jar
/usr/share/groovy/lib/mx4j.jar
/usr/share/groovy/lib/mockobjects-core.jar
/usr/share/groovy/lib/junit.jar
/usr/share/groovy/lib/commons-logging.jar
/usr/share/groovy/lib/commons-cli.jar
/usr/share/groovy/lib/classworlds-1.0.jar
/usr/share/groovy/lib/bsf.jar
/usr/share/groovy/lib/asm-util.jar
/usr/share/groovy/lib/asm.jar
/usr/share/groovy/lib/asm-attrs.jar
/usr/share/groovy/lib/asm-analysis.jar
Since it's in contrib, it's not security-supported, but given the state of it (outdated,
hardly any users) it should likely be just removed?
Cheers,
Moritz
Reply to: