[x3d-public] https://github.com/coderextreme/JavaSceneAuthoringInterfaceLibrary
John Carlson
yottzumm at gmail.com
Thu Dec 16 21:37:01 PST 2021
JavaSceneAuthoringInterfaceLibrary (not X3DJSAIL) repository has been
updated to log4j-2.16.0. I am aware that there are build errors, but
unless someone steps forward and says they are using it, I will not make
an effort to patch (nagasena.jar not in standard maven repositories).
John
On 12/10/21 13:51, Brutzman, Donald (Don) (CIV) wrote:
>
> Not in use by X3DJSAIL, which is standalone. Your code, your call.
>
> Thanks for sensitivity to security, agreed important, we try to be
> very explicit about X3D Security and known vulnerabilities.
>
> * X3D Resources: Security, Vulnerabilities
> * https://www.web3d.org/x3d/content/examples/X3dResources.html#Vulnerabilities
>
> all the best, Don
>
> --
>
> Don Brutzman Naval Postgraduate School, Code USW/Br brutzman at nps.edu
>
> Watkins 270, MOVES Institute, Monterey CA 93943-5000 USA +1.831.656.2149
>
> X3D graphics, virtual worlds, navy robotics https://
> faculty.nps.edu/brutzman
>
> *From:* x3d-public <x3d-public-bounces at web3d.org> *On Behalf Of *John
> Carlson
> *Sent:* Thursday, December 9, 2021 5:39 PM
> *To:* X3D Graphics public mailing list <x3d-public at web3d.org>
> *Subject:* [x3d-public]
> https://github.com/coderextreme/JavaSceneAuthoringInterfaceLibrary
>
> Multiple security vulnerabilities have showed up by way of GitHub
> dependabot in repository
>
> https://github.com/coderextreme/JavaSceneAuthoringInterfaceLibrary
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcoderextreme%2FJavaSceneAuthoringInterfaceLibrary&data=04%7C01%7Cbrutzman%40nps.edu%7C80263a38dece4ac754bb08d9bb7de7cd%7C6d936231a51740ea9199f7578963378e%7C0%7C0%7C637746972160889140%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=tWvbUgg5vkLDfMQ9oe5iLYEtFt8KNDr1%2FzEBkBBx1FQ%3D&reserved=0>
>
> I hope this isn’t currently used. I will try to make patches, but
> this repository is really out of date, and worthy of deletion.
>
> I’m guessing everyone is scrambling about now.
>
> Your thoughts?
>
> John
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20211216/07f2c18e/attachment.html>
More information about the x3d-public
mailing list