Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-6193

Update maven-archiver + plexus-utils

    XMLWordPrintableJSON

Details

    Description

      We should update the versions of maven-archiver + plexus-utils in the maven-bundle-plugin to remove the CVEs:

      plexus-archiver-2.8.1.jar (pkg:maven/org.codehaus.plexus/plexus-archiver@2.8.1, cpe:2.3:a:plexus-archiver_project:plexus-archiver:2.8.1:::::::*) : CVE-2018-1002200
      plexus-utils-3.0.10.jar (pkg:maven/org.codehaus.plexus/plexus-utils@3.0.10, cpe:2.3:a:plexus-utils_project:plexus-utils:3.0.10:::::::*) : CVE-2017-1000487, Directory traversal in org.codehaus.plexus.util.Expand, Possible XML Injection

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. FELIX-6312 Maven Bundle Plugin removes entries from manifest since version 5

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #8

          Web Link Pull Request

          Activity

            People

              jbonofre Jean-Baptiste Onofré
              coheigea Colm O hEigeartaigh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10m
                  10m