Posted to server-dev@james.apache.org by "René Cordier (Jira)" <se...@james.apache.org> on 2020/02/03 07:43:00 UTC

[jira] [Updated] (JAMES-3033) Vulnerability found in dependency com.puppycrawl.tools:checkstyle

     [ https://issues.apache.org/jira/browse/JAMES-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

René Cordier updated JAMES-3033:
--------------------------------
    Description: 
Due to an incomplete fix for [CVE-2019-9658|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9658], checkstyle is still vulnerable to XML External Entity (XXE) Processing, which results in [CWE-611: Improper Restriction of XML External Entity Reference|https://cwe.mitre.org/data/definitions/611.html].

We need to fix it ASAP by upgrading it from version 8.23 to 8.29.

  was:
A vulnerability issue has been found in com.puppycrawl.tools:checkstyle: https://github.com/linagora/james-project/network/alert/pom.xml/com.puppycrawl.tools:checkstyle/open

We need to fix it ASAP by upgrading it from version 8.23 to 8.29.


> Vulnerability found in dependency com.puppycrawl.tools:checkstyle
> -----------------------------------------------------------------
>
>                 Key: JAMES-3033
>                 URL: https://issues.apache.org/jira/browse/JAMES-3033
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: René Cordier
>            Priority: Major
>              Labels: security
>
> Due to an incomplete fix for [CVE-2019-9658|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9658], checkstyle is still vulnerable to XML External Entity (XXE) Processing, which results in [CWE-611: Improper Restriction of XML External Entity Reference|https://cwe.mitre.org/data/definitions/611.html].
> We need to fix it ASAP by upgrading it from version 8.23 to 8.29.


