Hello. We recently started scanning our code with BlackDuck, a dependency analysis tool, and found that the version of the Apache Portable Runtime in use by UniMRCP has a number of high risk security vulnerabilities.
Are there any plans to upgrade these dependency libraries? (The latest APR, v1.7.4, shows no known vulnerabilities.)
If not, are there any known issues with later versions? Would a PR be appropriate for such an upgrade?
Thank you for your time!
To follow up on this, running APR 1.5 is going to stop being an option for us by the end of this year. I'd like to try and update the APR libraries in the dependencies package myself (and submit them back to you, if you like). Are the patches used to create the dependencies libraries still out there? All the links to them in the old documentation appear to be dead. ☹️
Also, have you considered a fork to GitHub where the latest versions could be maintained?
In addition, with version 1.5.4 it is impossible to maintain RPMs, for example for deployments. APR 1.5.4 requires a very old OpenSSL version which contains unmaintained issues.