Comments (3)
from bt.
Most likely this is due to the gradle equivalent of CVE-2021-26291 - https://maven.apache.org/docs/3.8.1/release-notes.html
As the 4thline.org repo lacks https, there's no easy fix. A release of cling probably should be uploaded to maven central, but as there's no maintainer and it hasn't been updated in years, I doubt this will be done any time soon.
from bt.
Greetings, dear friends
I've "fixed" it this way. I know it's insecure, but I really don't know any other way
repositories {
mavenCentral()
maven {
url = uri("http://4thline.org/m2")
isAllowInsecureProtocol = true
}
}
I believe the real fix is making a Cling fork and releasing the artifacts on maven central, and changing the dependencies in the BT project to the new fork. I also see many different CVE on the libraries, it might be interesting maintaining them
Thank you for your support!
from bt.
Related Issues (20)
- [BUG] Deadlock HOT 1
- [QUESTION] Why do process handles keep increasing. HOT 19
- [BUG] Something dCan the project run directly? What I need is to get the metadata according to infohashoes not work as it should HOT 5
- [BUG] Many Incoming Encryption fail with InvalidMessage HOT 1
- [BUG] Weird metainfo validation error in CLI HOT 3
- [BUG] springboot use HOT 1
- Webtorrent support? HOT 5
- how to download the file range pieces? HOT 2
- [BUG] Something does not work as it should
- Running CliClient.java Locally Reports an Error HOT 1
- java.lang.NoSuchMethodError: No virtual method getAnnotatedSuperclass()Ljava/lang/reflect/AnnotatedType; in class Ljava/lang/Class; or its super classes (declaration of 'java.lang.Class' appears in /apex/com.android.art/javalib/core-oj.jar) HOT 2
- Vulnerable dependencies
- [BUG] Cling 2.2.1 not found in Maven Central HOT 3
- How to access DHT Database at runtime? HOT 1
- Stopping client and stopWhenDownloaded() throws java.lang.RuntimeException HOT 1
- How can I get the info.files[0].filehash info
- [BUG] Something does not work as it should
- Dependency org.yaml:snakeyaml, leading to CVE problem
- Does it support Android?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bt.