Downgrade commons-lang3 to 3.14.0 to avoid entropy issues #42597
Hum. Awesome… We are affected only starting 3.13? Should we report the issue to Liquibase?
It seems so.
There are two issues already (on which I left comments):
and there's an open PR: liquibase/liquibase#6179

So there should be a "fixed" version of Liquibase sooner or later.

Question is: What else is (potentially) affected? E.g. https://github.com/search?q=repo%3Aquarkusio%2Fquarkus%20RandomStringUtils&type=code
I think it makes sense to merge this for now until the ecosystem has adapted. Please mark it ready for review when/if all is good on your side and I'll include it in the next 3.13 and 3.14.0.
I see this is tagged as a backport to 3.13, any idea when that patch will be released?
If all goes well, it will be released today.
Details: #41962 (comment)
Draft until it's clear whether or not this is the right way to go for now.
If not, then there should at least be a hint in the migration guide (I think).