sss-ryun
commented
2 months ago I currently have this published locally and am using it to build my first Discord4J bot
Open sss-ryun opened 2 months ago
sss-ryun
commented
2 months ago I currently have this published locally and am using it to build my first Discord4J bot
Doc94
commented
2 months ago Looks like this updates breaks the compile with Java 8
sss-ryun
commented
2 months ago Looks like this updates breaks the compile with Java 8
Strange. This compiles for me locally. I've been using it all day to transfer my old bot from JS to Kotlin. It should be fixable
sss-ryun
commented
2 months ago I'm using Coretto 1.8
sss-ryun
commented
2 months ago This one should be fixed for all CVEs in logback
sss-ryun
commented
2 months ago However, lavaplayer still needs to be fixed upstream
Azn9
commented
1 month ago This should target 3.2.X, I'll rebase it
Description: Fixes CVE-2021-42550, CVE-2023-34462, CVE-2023-44487, and CVE-2023-34062. Does not fix, however, Cxeb68d52e-5509, CVE-2021-37714, CVE-2020-13956, and CVE-2021-29425. These other ones need to be fixed upstream in lavaplayer.
Justification: I don't feel comfortable nor should anyone, using Discord4J as long as it has CVEs. These CVEs might not affect Discord4J, but it is better to side with caution.
This version builds and tested using
./gradlew test.Additionally, old dependencies were updated because Discord4J uses 2-3 years old versions.