Apache Avro / AVRO-2865

Security vulnerability caused by plexus-utils:1.5.6

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.2
    • Fix Version/s: 1.10.0
    • Component/s: None
    • Labels:
      None

      Description

      According to X-Ray scanning of our dependencies, the current version of the Maven Avro plugin is, due to the old plexus-utils version, vulnerable to CVE-2017-1000487 and https://github.com/codehaus-plexus/plexus-utils/issues/3

      Both have a high severity and can be solved by upgrading plexus-utils to > 3.0.23.

      Could you please consider this in a potential new version?
      Thanks
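
An added example, not part of the original issue or of the Avro project's code: a check that walks Maven dependency-tree text and reports every plexus-utils at or below 3.0.23, the threshold named in the description, together with the path that pulls it in. The report text, the `com.example` coordinates and the function names are constructed for illustration; version qualifiers such as `-SNAPSHOT` are ignored.

```python
import re

LAST_AFFECTED = (3, 0, 23)  # from the issue text: fixed by upgrading to > 3.0.23
# group:artifact:type:version[:scope], optionally with a classifier before version
COORD = re.compile(r"[A-Za-z][\w.-]*(?::[\w.-]+){3,5}")

# Constructed sample in dependency-tree layout (not real build output).
SAMPLE = r"""
[INFO] com.example:demo:jar:1.0
[INFO] +- org.apache.avro:avro-maven-plugin:jar:1.9.2:compile
[INFO] |  \- org.codehaus.plexus:plexus-utils:jar:1.5.6:compile
[INFO] \- com.example:other:jar:2.0:compile
[INFO]    \- org.codehaus.plexus:plexus-utils:jar:3.0.24:compile
"""

def version_tuple(text):
    """Leading numeric parts of a version, padded to three; qualifiers ignored."""
    nums = []
    for part in re.split(r"[.-]", text):
        if not part.isdigit():
            break
        nums.append(int(part))
    return tuple(nums + [0] * (3 - len(nums)))

def find_old_plexus_utils(report):
    """Return (version, dependency path) for each plexus-utils <= 3.0.23."""
    findings, stack = [], []
    for raw in report.splitlines():
        line = re.sub(r"^\[INFO\] ?", "", raw)
        match = COORD.search(line)
        if not match:
            continue
        fields = match.group(0).split(":")
        version = fields[4] if len(fields) == 6 else fields[3]
        depth = match.start() // 3      # the tree indents three columns per level
        del stack[depth:]               # drop siblings and deeper nodes
        stack.append(f"{fields[1]}:{version}")
        is_plexus = fields[:2] == ["org.codehaus.plexus", "plexus-utils"]
        if is_plexus and version_tuple(version) <= LAST_AFFECTED:
            findings.append((version, " > ".join(stack)))
    return findings

if __name__ == "__main__":
    for version, path in find_old_plexus_utils(SAMPLE):
        print(f"plexus-utils {version} needs upgrading: {path}")
```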

              People

              • Assignee:
                rskraba Ryan Skraba
                Reporter:
                heisigh Hans Heisig
              • Votes:
                0
                Watchers:
                4