[CVE-2015-0254] Upgrade JSTL libraries

Description

None

Environment

None

Activity

Grzegorz Grzybek
January 16, 2019, 2:48 PM

I don't like these JavaEE jars in Maven... there are zillions of jars containing javax.* classes...

Currently, org.apache.geronimo.bundles:jstl:1.2_1 contains, for example, the org.apache.taglibs.standard.extra.spath package, but it's not part of (what I think is) the official org.apache.taglibs:taglibs-standard*:1.2.5.

This package is also inside org.glassfish.web:javax.servlet.jsp.jstl:1.2.5, but this jar contains, for example, the com.oracle.wls.shaded packages, which I don't think we want.

org.apache.taglibs jars also do not contain c-1_0-rt.tld (and *-rt.tld versions).

Grzegorz Grzybek
January 16, 2019, 5:00 PM

Fixed here in https://github.com/ops4j/org.ops4j.pax.web/commits/pax-web-7.2.x
Fixed here in https://github.com/ops4j/org.ops4j.pax.web/commits/master

I used org.jboss.spec.javax.servlet.jstl:jboss-jstl-api_1.2_spec:1.1.4.Final which is based on org.apache.taglibs:taglibs-standard-*:1.2.5, but with org.apache.taglibs.standard.extra.spath package.
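
An added example, not part of the comments above or of the Pax Web code: a jar audit for the points the comments compare (the spath package, the `*-rt.tld` descriptors, the `com.oracle.wls.shaded` packages, bundled `javax.*` classes). The function names, the acceptance policy and the in-memory sample jars are assumptions constructed for illustration; the samples do not reproduce the real artifacts' contents.

```python
import io
import zipfile

SPATH_PKG = "org/apache/taglibs/standard/extra/spath/"
SHADED_PKG = "com/oracle/wls/shaded/"


def audit_jstl_jar(jar):
    """Summarise a jar (path or file-like object) against the points raised in the comments."""
    with zipfile.ZipFile(jar) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    return {
        "has_spath": any(n.startswith(SPATH_PKG) for n in names),
        "has_shaded_wls": any(n.startswith(SHADED_PKG) for n in names),
        # TLDs are matched by file name so their directory inside the jar does not matter.
        "rt_tlds": sorted(n.rsplit("/", 1)[-1] for n in names if n.endswith("-rt.tld")),
        "javax_classes": sum(1 for n in names if n.startswith("javax/") and n.endswith(".class")),
    }


def acceptable(report):
    """Assumed policy, read from the thread: keep spath, avoid the shaded packages."""
    return report["has_spath"] and not report["has_shaded_wls"]


def make_jar(entries):
    """Build an in-memory jar with empty entries (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


# Constructed layouts that mirror the three situations described, not real jar listings.
SAMPLES = {
    "no_spath": ["META-INF/c.tld", "org/apache/taglibs/standard/tag/X.class"],
    "spath_plus_shaded": ["META-INF/c-1_0-rt.tld", SPATH_PKG + "X.class",
                          SHADED_PKG + "X.class", "javax/servlet/jsp/jstl/core/X.class"],
    "spath_no_shaded": ["META-INF/c.tld", SPATH_PKG + "X.class",
                        "javax/servlet/jsp/jstl/core/X.class"],
}


def acceptable_samples():
    """Names of the constructed samples that pass the assumed policy."""
    return sorted(k for k, v in SAMPLES.items() if acceptable(audit_jstl_jar(make_jar(v))))
```

Pass a path to a jar from the local Maven repository to `audit_jstl_jar` to run the same check on a real candidate artifact.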

Assignee

Grzegorz Grzybek

Reporter

Grzegorz Grzybek

Labels

None

Components

Fix versions

Priority

Major