camel release 3.4.0 - struts-core-1.3.8.jar

[Vikas Jaiswal <vi...@saksoft.com>]

Hi,
     One of the camel components is downloading a very old struts version 1.3.8.jar . This has got security vulnerabilities. Can this please be updated?
     https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html
Regards,
Vikas

RE: camel release 3.4.0 - struts-core-1.3.8.jar

[Vikas Jaiswal <vi...@saksoft.com>]

Hi maven dependency plugin is downloading it and not due to camel parent pom...Sorry about that.

Regards,
Vikas

-----Original Message-----
From: Andrea Cosentino [mailto:ancosen@gmail.com] 
Sent: 22 June 2020 11:07
To: users@camel.apache.org
Subject: Re: camel release 3.4.0 - struts-core-1.3.8.jar

CAUTION: DO NOT click links, open attachments, or provide sensitive information if the sender is unknown

Can you please find out the component?

Il giorno lun 22 giu 2020 alle ore 07:32 Vikas Jaiswal <vi...@saksoft.com>
ha scritto:

> If you include the camel parent pom struts component gets downloaded. Not
> sure which component is using struts.
>
> Regards,
> Vikas
>
> -----Original Message-----
> From: Andrea Cosentino [mailto:ancosen@gmail.com]
> Sent: 22 June 2020 11:00
> To: users@camel.apache.org
> Subject: Re: camel release 3.4.0 - struts-core-1.3.8.jar
>
> CAUTION: DO NOT click links, open attachments, or provide sensitive
> information if the sender is unknown
>
> What component?
>
> Il giorno lun 22 giu 2020 alle ore 07:27 Vikas Jaiswal <
> vikas.j@saksoft.com>
> ha scritto:
>
> > Hi,
> >      One of the camel components is downloading a very old struts version
> > 1.3.8.jar . This has got security vulnerabilities. Can this please be
> > updated?
> >
> >
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html
> > Regards,
> > Vikas
> >
> Help reduce your carbon footprint | Think before you print. This e-mail
> and any attachments are confidential and intended solely for the addressee
> and may also be privileged or exempt from disclosure under applicable law.
> If you are not the addressee, or have received this e-mail in error, please
> notify the sender immediately, delete it from your system and do not copy,
> disclose or otherwise act upon any part of this e-mail or its attachments.
> Any opinion or other information in this e-mail or its attachments that
> does not relate to the business of the Saksoft Group is personal to the
> sender and is not given or endorsed by the Saksoft Group. Any data that you
> provide within the context of your email you will have done so with your
> own consent and GDPR controls will be applied whilst the data is controlled
> or processed within the Saksoft Group.
>
>
>
>
>
Help reduce your carbon footprint | Think before you print. This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments. Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Saksoft Group is personal to the sender and is not given or endorsed by the Saksoft Group. Any data that you provide within the context of your email you will have done so with your own consent and GDPR controls will be applied whilst the data is controlled or processed within the Saksoft Group.

Re: camel release 3.4.0 - struts-core-1.3.8.jar

[Andrea Cosentino <an...@gmail.com>]

Can you please find out the component?

Il giorno lun 22 giu 2020 alle ore 07:32 Vikas Jaiswal <vi...@saksoft.com>
ha scritto:

> If you include the camel parent pom struts component gets downloaded. Not
> sure which component is using struts.
>
> Regards,
> Vikas
>
> -----Original Message-----
> From: Andrea Cosentino [mailto:ancosen@gmail.com]
> Sent: 22 June 2020 11:00
> To: users@camel.apache.org
> Subject: Re: camel release 3.4.0 - struts-core-1.3.8.jar
>
> CAUTION: DO NOT click links, open attachments, or provide sensitive
> information if the sender is unknown
>
> What component?
>
> Il giorno lun 22 giu 2020 alle ore 07:27 Vikas Jaiswal <
> vikas.j@saksoft.com>
> ha scritto:
>
> > Hi,
> >      One of the camel components is downloading a very old struts version
> > 1.3.8.jar . This has got security vulnerabilities. Can this please be
> > updated?
> >
> >
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html
> > Regards,
> > Vikas
> >
> Help reduce your carbon footprint | Think before you print. This e-mail
> and any attachments are confidential and intended solely for the addressee
> and may also be privileged or exempt from disclosure under applicable law.
> If you are not the addressee, or have received this e-mail in error, please
> notify the sender immediately, delete it from your system and do not copy,
> disclose or otherwise act upon any part of this e-mail or its attachments.
> Any opinion or other information in this e-mail or its attachments that
> does not relate to the business of the Saksoft Group is personal to the
> sender and is not given or endorsed by the Saksoft Group. Any data that you
> provide within the context of your email you will have done so with your
> own consent and GDPR controls will be applied whilst the data is controlled
> or processed within the Saksoft Group.
>
>
>
>
>

RE: camel release 3.4.0 - struts-core-1.3.8.jar

[Vikas Jaiswal <vi...@saksoft.com>]

If you include the camel parent pom struts component gets downloaded. Not sure which component is using struts.

Regards,
Vikas

-----Original Message-----
From: Andrea Cosentino [mailto:ancosen@gmail.com] 
Sent: 22 June 2020 11:00
To: users@camel.apache.org
Subject: Re: camel release 3.4.0 - struts-core-1.3.8.jar

CAUTION: DO NOT click links, open attachments, or provide sensitive information if the sender is unknown

What component?

Il giorno lun 22 giu 2020 alle ore 07:27 Vikas Jaiswal <vi...@saksoft.com>
ha scritto:

> Hi,
>      One of the camel components is downloading a very old struts version
> 1.3.8.jar . This has got security vulnerabilities. Can this please be
> updated?
>
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html
> Regards,
> Vikas
>
Help reduce your carbon footprint | Think before you print. This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments. Any opinion or other information in this e-mail or its attachments that does not relate to the business of the Saksoft Group is personal to the sender and is not given or endorsed by the Saksoft Group. Any data that you provide within the context of your email you will have done so with your own consent and GDPR controls will be applied whilst the data is controlled or processed within the Saksoft Group.

Re: camel release 3.4.0 - struts-core-1.3.8.jar

[Andrea Cosentino <an...@gmail.com>]

What component?

Il giorno lun 22 giu 2020 alle ore 07:27 Vikas Jaiswal <vi...@saksoft.com>
ha scritto:

> Hi,
>      One of the camel components is downloading a very old struts version
> 1.3.8.jar . This has got security vulnerabilities. Can this please be
> updated?
>
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html
> Regards,
> Vikas
>