[TOMEE-2947] Upgrade quartz-openejb-shade in TomEE 8/9 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 9.0.0-M2, 8.0.5
Fix Version/s: 8.0.6
Component/s: TomEE Core Server
Labels:
- pull-request-available

Description

TomEE 8.0.5, 9.0.0-M3 uses quartz-openejb-shade-2.2.1.jar which has a critical security vulnerability in it (CVE-2019-13990).

An existing JIRA ticket TOMEE 2672 has produced a newer version of this jar file (2.2.4) which corrects the security issue and TomEE 7.1.4 seems to ship with that new jar file. However the change was not applied to TomEE 8 or 9 which are now less up to date than TomEE 7.

It would be great to see the new quartz-openejb-shade-2.2.4 jar file incorporated into TomEE 8 and 9.

Attachments

Activity

People

Assignee:: Richard Zowalla

Reporter:: Bruce Heavey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Dec/20 00:14

Updated:: 23/Dec/20 09:17

Resolved:: 23/Dec/20 09:11