[
https://issues.apache.org/jira/browse/MCHECKSTYLE-366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16793078#comment-16793078
]
Li Xu commented on MCHECKSTYLE-366:
-----------------------------------
Another motivation to catch up:
[CVE-2019-9658|https://nvd.nist.gov/vuln/detail/CVE-2019-9658].
> Upgrade checkstyle to a more recent version
> -------------------------------------------
>
> Key: MCHECKSTYLE-366
> URL: https://issues.apache.org/jira/browse/MCHECKSTYLE-366
> Project: Maven Checkstyle Plugin
> Issue Type: Dependency upgrade
> Affects Versions: 3.0.0
> Reporter: Olivier Grégoire
> Assignee: Enrico Olivelli
> Priority: Major
>
> Version 3.0.0 still uses checkstyle 6.18.
>
> The google_checks.xml of 6.18 contains a rule that says "com.google" imports
> must be first. This was [removed in
> 2016|https://github.com/checkstyle/checkstyle/commit/81ad4595fe3a916551d73e467044c87d8462dba6#diff-c55cd603ef6597463971db3f33f4f4c8]
> yet the latest version of checkstyle (3.0.0 of January 2018) still says I
> should use that version of 2016 which has the dummy rule that com.google
> imports should come first.
>
> I know it's overridable, but the bottom line is that checkstyle relies on an
> really outdated version of checkstyle which has total nonsense in it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
