Open sss-ryun opened 2 months ago
I currently have this published locally and am using it to build my first Discord4J bot
Looks like this updates breaks the compile with Java 8
Looks like this updates breaks the compile with Java 8
Strange. This compiles for me locally. I've been using it all day to transfer my old bot from JS to Kotlin. It should be fixable
I'm using Coretto 1.8
This one should be fixed for all CVEs in logback
However, lavaplayer still needs to be fixed upstream
This should target 3.2.X, I'll rebase it
Description: Fixes CVE-2021-42550, CVE-2023-34462, CVE-2023-44487, and CVE-2023-34062. Does not fix, however, Cxeb68d52e-5509, CVE-2021-37714, CVE-2020-13956, and CVE-2021-29425. These other ones need to be fixed upstream in lavaplayer.
Justification: I don't feel comfortable nor should anyone, using Discord4J as long as it has CVEs. These CVEs might not affect Discord4J, but it is better to side with caution.
This version builds and tested using
./gradlew test
.Additionally, old dependencies were updated because Discord4J uses 2-3 years old versions.