Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
1.7.0
-
None
Description
| Group | Artifact | Version used | Upgrade target |
|---|---|---|---|
| tomcat | jasper-compiler | 5.5.23 | 8.5.x |
| tomcat | jasper-runtime | 5.5.23 | 8.5.x |
Security vulnerability:
- https://www.cvedetails.com/cve/CVE-2011-1318/
- http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/Apache-Tomcat.html
Maven repositories: - https://mvnrepository.com/artifact/org.apache.tomcat/tomcat-jasper
Note: These artifacts were moved to:
- New Group org.apache.tomcat
- New Artifact
Please do:
- CVE might be a false alarm or mistake. Please double check.
- double check the newest version.
- consider to remove a dependency if better alternative is available.
- check whether the lib change would introduce a backward incompatibility (in which case please add this label `breaking_change` and fix version should be the next major)
Excerpt from mvn dependency:tree
org.apache.flume:flume-ng-auth:jar:1.8.0-SNAPSHOT +- org.apache.hadoop:hadoop-common:jar:2.4.0:compile | +- tomcat:jasper-compiler:jar:5.5.23:runtime | +- tomcat:jasper-runtime:jar:5.5.23:runtime
Attachments
Issue Links
- Is contained by
-
-
- Resolved
-
- links to
