Directory Client API / DIRAPI-372

Publish new Version on Maven Central to get rid of vulnerable dependency


Details

    • Type: Wish
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.0.2
    • None

    Description

      The current version 2.0.1 still depends on org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:2.1.1_1, which has known vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2020-10683

      The dom4j dependency was updated 12 months ago, but there hasn't been a new release since then.

      It would be nice to have a new version in Maven Central that removes this vulnerable dependency.


          People

            Assignee: Unassigned
            Reporter: Valentin Brandl (vbrandl2)