Uploaded image for project: 'Maven Wagon'
  1. Maven Wagon
  2. WAGON-612

Update jsoup to >= 1.14.2 for fix security issue

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Closed
    • Minor
    • Resolution: Won't Fix
    • 3.4.3
    • None
    • wagon-http
    • None

    Description

      There's a vulnerability report for the jsoup <= 1.14.2 https://www.cvedetails.com/cve/CVE-2021-37714

      jsoup:1.12.1 is used by wagon-http-shared:3.4.3, that triggers security bots alerts.

      Please could you update the dependency and release a new version?

      Attachments

        Issue Links

        is duplicated by

        Bug - A problem which impairs or prevents the functions of the product. MNG-7256 Maven version 3.8.2 has jsoup vulnerability

        • Major - Major loss of function.
        • Closed
        is superceded by

        Task - A task that needs to be done. WAGON-618 Remove HTTP file listing with JSoup

        • Major - Major loss of function.
        • Closed
        relates to

        Bug - A problem which impairs or prevents the functions of the product. MNG-7414 Maven version 3.8.3 + 3.8.4 have jsoup vulnerability

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            nikolay.krasko Nikolay Krasko
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment