Replies: 7 comments 8 replies
-
Should be irrelevant for spotbugs, we don't write anything using BCEL, we only read. To be clear, see
-
I understand. I got here because this trips up build pipelines for projects using the OWASP dependency checker plugin :) It's not a big deal, pinning bcel to 6.6.1 works fine as a workaround.
-
Looks like the bcel was updated here. Looking forward to the release of 2.7.4. When will that be? Thanks in advance!
-
A little late to this thread, but also was curious about the release of 4.7.4, related to this bcel version bump. Hoping it comes soon! Perhaps @iloveeclipse you could let us know of a tentative release date? Thanks 😄
-
When will this be resolved?
-
How to use bcel 6.x along with spot bugs in gradle? If I explicitly mention bcel, it is still referring to bcel 5.X
-
Going to close as we fixed in this repo already, just not released, and it can be overwritten by downstreams. For maven, it was done and released here. For gradle, I would suggest raising a ticket over there to override it. I looked but don't see it, but think @KengoTODA could quickly get a release similar to what I did with maven. That would then satisfy the issue, but otherwise the issue is addressed here so no point keeping the ticket open.
-
Hi. Just wanted to let you know about this CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-42920.
The good news is renovate[bot] already bumped bcel to 6.6.1 on Nov 3rd.
Given the severity of this CVE, you might want to release 2.7.4.
Cheers!