Looking to use webdrivermanager-java version 5.1.0
It has a dependency on org.brotli:dec 0.1.2 (dec-0.1.2.jar), which was released in 2017.
NVD reports CVS-2020-8927 about brotli versions before 1.0.8 - but it's not specific to native or java releases.
Can anyone clarify if this CVE applies to the webdrivermanager java release? If so, is there a brotli java release planned to rectify this? 0.1.2 is the most recent in mvnrepository.
If this is an issue, would webdrivermanager consider revising its java code to use another library?
Thanks.
Bob
I'll close this now.
After further reflection, this CVE is for a "Buffer Overflow" which must refer to the full "C" based brotli code, not the small java decompression utility (Buffer Overflows are not found in Java).
Thanks.
Bob
Related
I try to install a server using Mono v.4.
The current version is 5.2.
I reached for the sources.list mono debian/snapshots/X.XX.X as recommanded
(where X.XX.X = 4.0.4, 4.8.0, 4.9.0 or 5.0.0) but it always installs the 3.2.8 or 5.0.0.100 anyway.
Has somebody the mirror to a mono 4.XX.X, please ?
Or other solution to access the mono v.4 ?
Thanks
I finally found the sources of all versions of Mono.
I let them here for those who can need.
List of Mono versions
Sources downloads.
Hope that will help.
What is the most reliable source to find the latest version number?
Is it github?
And if yes, which version should I take?
Right now, here is what I see:
Should I take the 1.0.2k?
But then 1.1.0d seems like it is more recent (if it follows semantic versioning). What do the letters actually mean?
Note: in my case this is to compile an openssl version with nginx.
Last time I picked (quite randomly) the version 1.0.2h which seemed the latest at the time.
So what is the process to follow to find the latest openssl version?
https://www.openssl.org/ shows which version are current and supported.
Currently there are two major versions in development: 1.1.0 and 1.0.2. 1.1.0 is newer and has more features. But due to the cleanups between 1.0.2 and 1.1.0 lots of undocumented API (i.e. things which never were an official API but got used anyway since no official API existed) got broken and not all software works or works stable with 1.1.0 yet. Also, 1.1.0 tends to introduce not only features but also bugs faster than 1.0.2 when looking at the release history. And with 1.1.0 the chance is higher that documented behavior changes even between patch releases.
Thus if you need the new features with 1.1.0 then go with it. If you prefer a more stable version with a smaller chance of bugs use 1.0.2. In all cases you should always use the latest patch release and keep using it if new patches get released or backport security patches.
I am running my soatest 9.9 version with java 1.7. Now i have a requirement to run the java code (written in 1.8) using my soatest 9.9. I am getting problems with some or other versioning. What are the steps to follow to successfully change the java versions with out messing up things.
Thanks in advance,
Sravanthi
Have you tried to SOAtest with additional argument?
soatest.exe -Zjava_home "C:/Program Files/Java/jdk1.8/"
I recently installed the AC6 System Workbench in order
to work with the STM32 OSXMotionFX Library
and I'm experiencing some troubles related
to the sample application shipped with this library.
Let me know if there is a better place to post such question.
It seems that the sample project works with a different
version of the STM32 Cube expansion drivers for the
X-Nucleo-IKS01A1 expansion board of the base
STM32 Nucleo-F401RE board I have.
In particular the sample project links to driver files
that are missing, some of them seem with different names
compared to the existing ones, that's why I guess
the sample project is referring to an old version of the drivers.
Any one does know how to get the previous versions of the
STM32CubeExpansion_MEMS1_V1.4.0 software ?
I did already search the ST Microelectronics web site
but to no avail, the X-CUBE-MEM1 software
is only shipped at version 2.0.0
and it seems I need the previous version.
Thanks in advance for redirecting me to the correct site in case.
You can download the sample application in the software package osxMotionFX v1.4.0. It is aligned to the new version of the X-CUBE-MEMS1 drivers (v2.0.0). Unfortunately osxMotionFX v1.3.0 is not compatible with the new version of the X-CUBE-MEMS1 drivers.
You mean that osxMotionFX v1.4.0 does not work with X-CUBE-MEMS1 v2.0.0? It is very strange. I'm able to use them without any issue. So probably, you are using osxMotionFX v1.4.0 with an old version of X-CUBE-MEMS1 package. Try to uninstall your current osxMotionFX package, download again the X-CUBE-MEMS1 package v2.0.0 and reinstall the osxMotionFX v1.4.0 over the new X-CUBE-MEMS1 package v2.0.0. Let me know if it fixes your issue.
I use sample application of osxMotionFX v1.4.0 with X-CUBE-MEMS1 v2.0.0. I'm sure that you are not using X-CUBE-MEMS1 v2.0.0 because "x_nucleo_iks01a1_accelero.h" and "x_nucleo_iks01a1_gyro.h" are only defined in X-CUBE-MEMS1 v2.0.0 and not in the previous version of the package. You can also cross-check it looking at the installation folder that you are using for osxMotionFX; if it is not "STM32CubeExpansion_MEMS1_V2.0.0", then you are using a previous version of X-CUBE-MEMS1. Please, try to download again X-CUBE-MEMS1 software package.
is there anyway that I can take a heap dump using java 1.4.1 on Solaris 9?
I'm using a very old application server and java version and would like to take a heap dump.
I'm gonna use it on production so hprof may not be an option. Is there any tools that I could install ?
Thanks
There seem to be bugs with HPROF for JDKs 1.4 and 1.4.1
Warning: JDK 1.4 and JDK 1.4.1 contains a bug in hprof. You cannot use these versions with HAT.
so you may consider upgrading to latest update from JDK 1.4.2
This way you could use backported jmap for Solaris to take a heap dump like described here.