[TIKA-3230] Upgrade junit and turn off ossindex warning - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.25
Component/s: None
Labels:
None

Description

We're now getting this warning:

Detected 1 vulnerable components:
  junit:junit:jar:4.13:test; https://ossindex.sonatype.org/component/pkg:maven/junit/junit@4.13?utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
    * [CVE-2020-15250] In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder cont... (5.5); https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1

I continued to get that warning even after upgrading to 4.13.1, even though, CVE-2020-15250 says that 4.13.1 fixes the problem. (https://nvd.nist.gov/vuln/detail/CVE-2020-15250)

So, when we upgrade, we should also configure ossindex to stop complaining about 4.13.1.

Will take this later today.

Attachments

Activity

People

Assignee:: Tim Allison

Reporter:: Tim Allison

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Nov/20 14:54

Updated:: 18/Nov/20 19:09

Resolved:: 18/Nov/20 19:09