Hi Ron,
When using Maven, you must add JAR dependencies to a local Maven repository.
Then add the repository to your project, along with each of the dependencies.
Here is more info:
https://stackoverflow.com/questions/4955635/how-to-add-local-jar-files-to-a-maven-project
Hope this helps.
Jo
Hi,
I like the wording. In fact, it is more a GitHub project maintainer issue
that didn't filter a new file on his repo.
The fact this repo was based on an IDE and that the threatening file
exploits this information could lead to more risk using source code from
public repo, with Netbeans or not.
On 5/30/20 8:11 AM, Geertjan Wielenga wrote:
> OK, I’ll put together a blog we can refer to that will say this —
> “research has been done on GitHub that identified 26 small Ant-based
> Java projects, mostly games, some of them by the same person, none of
> the projects appeared to be enterprise/pr
Sure, there is no need to be defensive. But, there really isn’t — the
research has identified nothing that NetBeans can do or has any control
over at all. Any project’s build process can be impacted by malware. 26 of
these have been identified on GitHub — which happened to make use of
Ant-based Net
Yes, this could be good publicity right before the release!
--emi
Sat, 30 May 2020, 16:57 Emma Atkinson wrote:
> I wouldn't treat this as a negative thing about which to be defensive. It
> can be positive and show the team in a good light.
>
> Here's a suggestion
>
> We are aware of news
I wouldn't treat this as a negative thing about which to be defensive. It
can be positive and show the team in a good light.
Here's a suggestion
We are aware of news report ... etc.
We contacted the researchers behind the news. They found 26 infected
projects. The owners have been contacted
OK, I’ll put together a blog we can refer to that will say this — “research
has been done on GitHub that identified 26 small Ant-based Java projects,
mostly games, some of them by the same person, none of the projects
appeared to be enterprise/professional, that had been infiltrated by
malware. The
Note this is not a CVE since it's not a NetBeans vulnerability.
Executing any build will run with the local user privileges on any popular
IDE and injecting something dubious in a build is trivial.
Still, I think GitHub could have approached the Apache security team so the
NetBeans PMC has a repl
LOL, still, why so much emphasis on ant with Netbeans? Just throwing out
ideas but could IDEA be behind this? given Netbeans 12 is around the corner?
It seems to me like we should put out a blog entry with some response to
this. Just so that we have a central point to refer to when people ask
about this.
However, I have no idea what that blog entry should say, beyond “if someone
wants to do so, they can inject malware into the build process of
I have a folder full of jar files.
How do I add these files to my dependencies for a Maven project?
Do I have to manually add each jar ?
Is there a way to add the jars at once?
Thanks,
Ron
Should someone from the Apache Netbeans governing team, approach Microsoft
for information on this matter?
I would have thought Microsoft GitHub would welcome any approach that might
go some way toward tackling the problem. Knowing details should enable the
Netbeans and NetbeansIDE communities to
I'm leaning towards this being a student project honestly. Why would a
company developing a legacy project grab random unknown Ant-based
projects from GitHub?
But NetBeans is used a lot for teaching and I suspect teachers don't
introduce Maven / Gradle since they are more complex and they use the