Uploaded image for project: 'Directory Client API'
  1. Directory Client API
  2. DIRAPI-372

Publish new Version on Maven Central to get rid of vulnerable dependency

    XMLWordPrintableJSON

    Details

    • Type: Wish
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.1
    • Fix Version/s: 2.0.2
    • Labels:
      None

      Description

      The current version 2.0.1 still depends on org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:2.1.1_1, which has known vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2020-10683

      The dom4j dependency has been updated 12 month ago but since then, there hasn't been a new release.

      It would be nice to have a new version in maven central that removes this vulnerable dependency.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              vbrandl2 Valentin Brandl
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: