Closed AbstractAlao closed 1 year ago
I'm not sure if this is going to get fixed but I found a workaround if anyone else is running into this issue.
<plugin>
<groupId>com.amashchenko.maven.plugin</groupId>
<artifactId>gitflow-maven-plugin</artifactId>
<version>1.19.0</version>
<configuration>
<versionDigitToIncrement>1</versionDigitToIncrement>
<gitFlowConfig>
<!-- Optional - uncomment if using main instead of master
<productionBranch>main</productionBranch>
-->
</gitFlowConfig>
</configuration>
<dependencies>
<dependency>
<groupId>org.apache.xbean</groupId>
<artifactId>xbean-reflect</artifactId>
<exclusions>
<exclusion>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
</plugin>
Already addressed in https://github.com/aleksandr-m/gitflow-maven-plugin/pull/365.
@aleksandr-m https://mvnrepository.com/artifact/com.amashchenko.maven.plugin/gitflow-maven-plugin/1.20.0 still shows a vulnerability: CVE-2017-1000487 - any ideas?
It another cve. Should be ok, now.
@aleksandr-m I don't think its ok because a vulnerability is still showing on https://mvnrepository.com/artifact/com.amashchenko.maven.plugin/gitflow-maven-plugin/1.20.0, can you push a new version which addresses this please
:) not so fast, but it will be when next version is released.
@aleksandr-m can I send you a PR for this to do a minor release? Just need to know which dependencies to update
When running
mvn gitflow:release -DallowSnapshots=true -DskipTestProject=true
It is downloading log4j 1.2.12
Adding the following to the plugin configuring does not work
Any chance to fix this?