Uploaded image for project: 'TomEE'
  1. TomEE
  2. TOMEE-2947

Upgrade quartz-openejb-shade in TomEE 8/9

    XMLWordPrintableJSON

    Details

      Description

      TomEE 8.0.5, 9.0.0-M3 uses quartz-openejb-shade-2.2.1.jar which has a critical security vulnerability in it (CVE-2019-13990).

       

      An existing JIRA ticket TOMEE 2672 has produced a newer version of this jar file (2.2.4) which corrects the security issue and TomEE 7.1.4 seems to ship with that new jar file. However the change was not applied to TomEE 8 or 9 which are now less up to date than TomEE 7.

       

      It would be great to see the new quartz-openejb-shade-2.2.4 jar file incorporated into TomEE 8 and 9.

        Attachments

          Activity

            People

            • Assignee:
              rzo1 Richard Zowalla
              Reporter:
              rmtBruce Bruce Heavey
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: