You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "François Courtault (Jira)" <ji...@apache.org> on 2019/11/13 11:57:00 UTC
[jira] [Created] (TOMEE-2737) Update some third parties because of
CVEs
François Courtault created TOMEE-2737:
-----------------------------------------
Summary: Update some third parties because of CVEs
Key: TOMEE-2737
URL: https://issues.apache.org/jira/browse/TOMEE-2737
Project: TomEE
Issue Type: Improvement
Components: TomEE Core Server
Affects Versions: 8.0.0-Final
Reporter: François Courtault
Hello,
There are several CVEs linked to some third parties embedded like jackson and xmlsec (santuario).
Could you update those third parties ?
jackson-databind from 2.9.9.3 to 2.9.10 at least--
xmlsec from 2.1.2 to 2.1.4 at least
commons-beanutils from 1.9.3 to 1.9.4 (don't know if the latest version fixes any CVE)
...
Best Regards.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)