Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JPERF-791 Bump ssh-ubuntu to version without vulnerable log4j #26

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

JPERF-791 Bump ssh-ubuntu to version without vulnerable log4j #26

wants to merge 1 commit into from

Conversation

mgrzaslewicz
Copy link
Contributor

No description provided.

@mgrzaslewicz mgrzaslewicz requested a review from a team as a code owner September 21, 2022 12:25
dagguh
dagguh suggested changes Sep 30, 2022
View reviewed changes
CHANGELOG.md
Comment on lines +21 to +23
### Changed
- Bump ssh-ubuntu library to version without vulnerable log4j

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
### Changed
- Bump ssh-ubuntu library to version without vulnerable log4j

It doesn't change anything in the API (including POM). It's only affecting the local dev loop and CI, not consumers.

@CMingTseng
Copy link

I couldn't find a place to submit an issue,

so I'm raising it here (my screen only shows Pull requests).

First of all, thank you for this project.

I took a look at the build.gradle part
which also relies on

com.atlassian.performance.tools
com.atlassian.performance.tools
org.glassfish
.json:1.1
com.hierynomus:sshj:0.23.0
These Java-based libraries.

Because I want to create a Kotlin Multiplatform + Compose Multiplatform project,

I wonder if there is a project entirely in Kotlin?

Thank you.

@mgrzaslewicz
Copy link
Contributor Author

Hey @CMingTseng . As you figured out, this lib has dependencies to other java libs. There are no plans to change it and I'm not aware of similar libraries that would be free of java dependencies unfortunately

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dagguh dagguh dagguh requested changes

@ewefie ewefie Awaiting requested review from ewefie

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mgrzaslewicz @CMingTseng @dagguh