Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Resolved
-
8.0.0-Final
-
None
Description
Hello,
There are several CVEs linked to some third parties embedded like jackson and xmlsec (santuario).
Could you update those third parties ?
jackson-databind from 2.9.9.3 to 2.9.10 at least--
xmlsec from 2.1.2 to 2.1.4 at least
commons-beanutils from 1.9.3 to 1.9.4 (don't know if the latest version fixes any CVE)
...
Best Regards.