Closed TomasHofman closed 3 years ago
Any ETA on when this fix will be released into a new version?
+1 for a merge and new version
Can we have this fix into 3.x? it is not possible for us to upgrade 4.x due to packaging changes
found a good replacement from jboss repo - https://repository.jboss.org/nexus/content/repositories/thirdparty-releases/org/glassfish/jakarta.el/
There are missing copyright headers. I'll merge it and we'll add it later respecting the authorship.
We need this fix as well in v3.x as it'll be impossible at the moment to upgrade to v4.x. Could you please let us know whether you're planning to port it in v3.x and provide an ETA if so?
Thanks, Maria
is it merged in version 3.0.3 or we need to upgrade for 4.x. to fix the issue
@deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.
@deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.
@joschi any idea when will the 3.x be pushed to Maven central? It would be really helpful if we get it ASAP in Maven Central :)
@deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.
@joschi any idea when will the 3.x be pushed to Maven central? It would be really helpful if we get it ASAP in Maven Central :)
It's been there for a month now: https://search.maven.org/artifact/com.sun.el/el-ri/3.0.4/jar
@deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.
@joschi any idea when will the 3.x be pushed to Maven central? It would be really helpful if we get it ASAP in Maven Central :)
It's been there for a month now: https://search.maven.org/artifact/com.sun.el/el-ri/3.0.4/jar
@fenneclabs but I don't see jakarta.el:jakarta.el-api:3.0.4 in maven central. Am I missing something here?
@fenneclabs but I don't see jakarta.el:jakarta.el-api:3.0.4 in maven central. Am I missing something here?
Yes. The API and the implementation are separate and are provided in separate JARs. This is a vulnerability in the Glassfish implementation of the EL API so the Glassfish implementation was updated. The EL API is unaffected.
Co-authored-by: rmartinc rmartinc@redhat.com
Fixes https://github.com/eclipse-ee4j/el-ri/issues/155