[FREEMARKER-190] The jar dom4j has known security issue that Freemarker compiles dependend on it - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Wish
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3.31
Fix Version/s: 2.3.32
Component/s: engine
Labels:
None

Description

Hi, friend. When i compile the Freemarker, i find it depends on the jar dom4j ,and its version is 1.3. From the Internet, this version 1.3 of dom4j has security issues, so please upgrade to the safety version.Thanks.

The security issue number CVE-2020-10683 and link: https://nvd.nist.gov/vuln/detail/CVE-2020-10683

The Security issue number CVE-2018-1000632 and link: https://nvd.nist.gov/vuln/detail/CVE-2018-1000632.

Attachments

Activity

People

Assignee:: Dániel Dékány

Reporter:: PowerCOM_STARWAR

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Sep/21 03:42

Updated:: 16/Jan/23 08:38

Resolved:: 23/Oct/21 23:10