You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Antoine Duprat (JIRA)" <se...@james.apache.org> on 2017/11/13 09:16:00 UTC
[jira] [Closed] (JAMES-2209) Upgrade libraries containing CVEs
[ https://issues.apache.org/jira/browse/JAMES-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Antoine Duprat closed JAMES-2209.
---------------------------------
> Upgrade libraries containing CVEs
> ---------------------------------
>
> Key: JAMES-2209
> URL: https://issues.apache.org/jira/browse/JAMES-2209
> Project: James Server
> Issue Type: Bug
> Affects Versions: master
> Reporter: Thibaut SAUTEREAU
>
> The following libraries were reported by the OWASP Dependency Checker as containing CVEs:
> ActiveMQ (CVE-2015-5183 and CVE-2015-5184)
> -> upgrade from 5.15.0 to 5.15.2 (last stable)
> logback-classic (CVE-2017-5929)
> -> upgrade from 1.1.7 to 1.1.11 (last stable of 1.1.x)
> jetty (CVE-2017-9735)
> -> upgrade from 9.4.4 to 9.4.7.v20170914 (last stable)
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org