Uploaded image for project: 'Maven Wagon'
  1. Maven Wagon
  2. WAGON-612

Update jsoup to >= 1.14.2 for fix security issue

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Closed
    • Minor
    • Resolution: Won't Fix
    • 3.4.3
    • None
    • wagon-http
    • None

    Description

      There's a vulnerability report for the jsoup <= 1.14.2 https://www.cvedetails.com/cve/CVE-2021-37714

      jsoup:1.12.1 is used by wagon-http-shared:3.4.3, that triggers security bots alerts.

      Please could you update the dependency and release a new version?

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MNG-7256 Maven version 3.8.2 has jsoup vulnerability

          • Major - Major loss of function.
          • Closed
          is superceded by

          Task - A task that needs to be done. WAGON-618 Remove HTTP file listing with JSoup

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MNG-7414 Maven version 3.8.3 + 3.8.4 have jsoup vulnerability

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              nikolay.krasko Nikolay Krasko
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: