Security flaws scanned by Veracode, including very high flaws #72
Comments
|
There are new version of JNA https:/java-native-access/jna/releases, are you interesting in upgrading to its new version? |
|
There are also new version of rhino https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Download_Rhino. |
|
Vic,
looks like proxy-vole is dead. Markus doesn't answer here anymore except
'Yes, I want to do something, but have no time' for months now. Even
pull requests are not fulfilled, it seems. :-( One word to Rhino:
Having a look into the issues list you'll find efforts to replace Rhino
to something else because of known problems and anavailability on Java
11 anymore.Again: No answer from Markus.
Looks like we have to find another library. It even would help if Markus
declares the end of proxy-vole officially so that someone else could
take it over.
Sorry,
Guido
Am 24.09.2019 um 08:14 schrieb Vic Zhang:
…
Hi @MarkusBernhardt <https:/MarkusBernhardt> ,
We scanned proxy-vole on Veracode, and found some very high flaws as
following:
image
<https://user-images.githubusercontent.com/2956318/65485636-f8327480-ded4-11e9-9819-bfa0c27bd1f9.png>
image
<https://user-images.githubusercontent.com/2956318/65485870-91fa2180-ded5-11e9-826f-0a45cb74a278.png>
Seems it's caused by rhino 1.7.7 and JNA 4.2.2. Would you like to take
a look at them? or confirm with rhino or Veracode?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#72?email_source=notifications&email_token=AFQHM34G3Q6FHHZKTFWIJHLQLGV4JA5CNFSM4IZ3GCY2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HNG5SDQ>,
or mute the thread
<https:/notifications/unsubscribe-auth/AFQHM33W7WOSPBU7VJUBVKLQLGV4JANCNFSM4IZ3GCYQ>.
--
Tel. +49 (211) 909995-15
Fax. +49 (211) 909995-715
Mob. +49 (172) 2422575
CRE-DO GmbH
Benrather Schlossallee 94
40597 Duesseldorf
Germany
Managing Director: Guido Schnepp
Registered at: AG Duesseldorf, HRB 66540
|
|
Thanks for your reply @gschnepp . Yeah, we may need to find another choice if this is no longer maintained. |
|
#response_container_BBPPID{font-family: initial; font-size:initial; color: initial;} Vic, No, not yet unfortunately. That's the real drama. Proxy-vole would be fully OK with an active maintainer.Proxies are not my native business so I don't have enough knowledge on this to feel good with an own fork. Guido Von: [email protected]: 25. September 2019 09:04An: [email protected]: [email protected]: [email protected]; [email protected]: Re: [MarkusBernhardt/proxy-vole] Security flaws scanned by Veracode, including very high flaws (#72) Thanks for your reply @gschnepp . Yeah, we may need to find another choice. Do you have one now?
—You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Markus doesn't answer any issues or pull requests here for nearly a year now. This project is dead, I think. Unfortunately. :-( |
|
@gschnepp I'm using proxy-vole in my RouteConverter application and stumbled across some NullPointerException problems. And read your comments below the issues. Are you aware of an accepted fork of proxy-vole? Or even willing to fork and maintain it? |
|
@cpesch No, unfortunately neither. Well, I'd like to be aware of a fork, but I don't know any. And I don't have enough knowledge of proxies in general to do it. |
|
https:/akuhtz/proxy-vole/commits/master seems to be a promising fork. I've integrated some commits from other forks into it. Release is published here: |
|
Sounds promising! At least it's more living than this here. Thanks! |
Hi @MarkusBernhardt ,
We scanned proxy-vole on Veracode, and found some very high flaws as following:
Seems it's caused by rhino 1.7.7 and JNA 4.2.2. Would you like to take a look at them? or confirm with rhino or Veracode?
The text was updated successfully, but these errors were encountered: