jakartaee / tags


jakarta.servlet.jsp.jstl v3.0 contains vulnerable shaded JAR for BCEL #258

Open rwmajor2 opened 4 months ago

rwmajor2 commented 4 months ago

Does bcel need to be included in jakarta.servlet.jsp.jstl.jar? I am curious what it is used for and, more importantly, what version it is. It is showing up on vulnerability scans due to CVEs with bcel, but I can't find out what version it is from this repo.

Thanks.

pnicolucci commented 2 months ago

Hi @rwmajor2, this is likely due to a dependency on Xalan 2.7.2.

The implementation of Jakarta Tags has now moved to the Eclipse WaSP project.

The first Eclipse WaSP release containing the Jakarta Tags implementation was 3.2.0: https://projects.eclipse.org/projects/ee4j.wasp.

The 3.2.1 version of Eclipse WaSP has been updated to depend on Xalan 2.7.3: https://github.com/eclipse-ee4j/wasp/commit/b518d50e8cb87ddc3ba7864c91b7048b88aaf7a1.

Feel free to let me know if you have any more questions. Thanks!
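The thread boils down to a recurring problem for scan triage: a shaded JAR carries another project's classes (here BCEL, pulled in via Xalan) with no obvious version string. The script below is an added example, not code from this repository or from Eclipse WaSP; it opens a JAR as a zip, counts the classes under a package prefix such as org/apache/bcel/, and collects whatever Maven pom.properties metadata survived shading. The JAR it inspects is a constructed sample built in memory, and the version "0.0.0-SAMPLE" is a placeholder, not a real BCEL release.

```python
import io
import zipfile


def build_sample_jar() -> bytes:
    """Constructed sample JAR: one shaded BCEL class plus its Maven pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # Class file magic only; the body is irrelevant for this check.
        zf.writestr("org/apache/bcel/classfile/ClassParser.class", b"\xca\xfe\xba\xbe")
        zf.writestr(
            "META-INF/maven/org.apache.bcel/bcel/pom.properties",
            "# generated by maven\nversion=0.0.0-SAMPLE\n"
            "groupId=org.apache.bcel\nartifactId=bcel\n",
        )
    return buf.getvalue()


def find_shaded_artifact(jar_bytes: bytes, class_prefix: str = "org/apache/bcel/") -> dict:
    """Report how many classes sit under class_prefix and any Maven versions recorded in the JAR.

    A shaded JAR often keeps META-INF/maven/<groupId>/<artifactId>/pom.properties for each
    merged dependency; when it does not, 'versions' stays empty and the class count is the
    only evidence that the library is present, which is exactly the situation in the report.
    """
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = zf.namelist()
        classes = [n for n in names if n.startswith(class_prefix) and n.endswith(".class")]
        versions = {}
        for name in names:
            if not (name.startswith("META-INF/maven/") and name.endswith("/pom.properties")):
                continue
            props = {}
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                if "=" in line and not line.lstrip().startswith("#"):
                    key, value = line.split("=", 1)
                    props[key.strip()] = value.strip()
            coord = f"{props.get('groupId', '?')}:{props.get('artifactId', '?')}"
            versions[coord] = props.get("version", "unknown")
    return {"classes": len(classes), "versions": versions}


if __name__ == "__main__":
    # Replace build_sample_jar() with open("jakarta.servlet.jsp.jstl.jar", "rb").read() for a real JAR.
    print(find_shaded_artifact(build_sample_jar()))
```

If the report shows classes but no matching coordinate in `versions`, the version has to be recovered from the build that produced the JAR (the Xalan dependency named above) rather than from the artifact itself.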