[DIRAPI-372] Publish new Version on Maven Central to get rid of vulnerable dependency - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Wish
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.1
Fix Version/s: 2.0.2
Labels:
None

Description

The current version 2.0.1 still depends on org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:2.1.1_1, which has known vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2020-10683

The dom4j dependency has been updated 12 month ago but since then, there hasn't been a new release.

It would be nice to have a new version in maven central that removes this vulnerable dependency.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Valentin Brandl

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/May/21 11:03

Updated:: 22/May/21 11:31

Resolved:: 22/May/21 11:31