jakartaee / expression-language

Jakarta Expression Language
https://eclipse.org/ee4j/el

CVE-2021-28170 Fix expression delimiter escaping #160

Closed TomasHofman closed 3 years ago

TomasHofman commented 3 years ago

Co-authored-by: rmartinc <rmartinc@redhat.com>

Fixes https://github.com/eclipse-ee4j/el-ri/issues/155

AppSecConcierge commented 3 years ago

Any ETA on when this fix will be released into a new version?

eskimopip commented 3 years ago

+1 for a merge and new version

dantran commented 3 years ago

Can we have this fix in 3.x? It is not possible for us to upgrade to 4.x due to packaging changes.

dantran commented 3 years ago

Found a good replacement from the JBoss repo: https://repository.jboss.org/nexus/content/repositories/thirdparty-releases/org/glassfish/jakarta.el/

m0mus commented 3 years ago

There are missing copyright headers. I'll merge it and we'll add it later respecting the authorship.

mmkamburova commented 3 years ago

We need this fix as well in v3.x as it'll be impossible at the moment to upgrade to v4.x. Could you please let us know whether you're planning to port it in v3.x and provide an ETA if so?

Thanks, Maria

deepmanit commented 3 years ago

Is it merged in version 3.0.3, or do we need to upgrade to 4.x to fix the issue?

joschi commented 3 years ago

@deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.

Sachpat commented 3 years ago

> @deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.

@joschi any idea when will the 3.x be pushed to Maven central? It would be really helpful if we get it ASAP in Maven Central :)

fenneclabs commented 3 years ago

> > @deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.
>
> @joschi any idea when will the 3.x be pushed to Maven central? It would be really helpful if we get it ASAP in Maven Central :)

It's been there for a month now: https://search.maven.org/artifact/com.sun.el/el-ri/3.0.4/jar

Sachpat commented 3 years ago

> > > @deepmanit The changes are in https://github.com/eclipse-ee4j/el-ri/releases/tag/3.0.4-impl but it hasn't been published to Maven Central yet.
> >
> > @joschi any idea when will the 3.x be pushed to Maven central? It would be really helpful if we get it ASAP in Maven Central :)
>
> It's been there for a month now: https://search.maven.org/artifact/com.sun.el/el-ri/3.0.4/jar

@fenneclabs but I don't see jakarta.el:jakarta.el-api:3.0.4 in maven central. Am I missing something here?

markt-asf commented 3 years ago

> @fenneclabs but I don't see jakarta.el:jakarta.el-api:3.0.4 in maven central. Am I missing something here?

Yes. The API and the implementation are separate and are provided in separate JARs. This is a vulnerability in the Glassfish implementation of the EL API so the Glassfish implementation was updated. The EL API is unaffected.