You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Antoine Duprat (JIRA)" <se...@james.apache.org> on 2017/11/13 09:16:00 UTC

[jira] [Closed] (JAMES-2209) Upgrade libraries containing CVEs

     [ https://issues.apache.org/jira/browse/JAMES-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antoine Duprat closed JAMES-2209.
---------------------------------

> Upgrade libraries containing CVEs
> ---------------------------------
>
>                 Key: JAMES-2209
>                 URL: https://issues.apache.org/jira/browse/JAMES-2209
>             Project: James Server
>          Issue Type: Bug
>    Affects Versions: master
>            Reporter: Thibaut SAUTEREAU
>
> The following libraries were reported by the OWASP Dependency Checker as containing CVEs:
> ActiveMQ (CVE-2015-5183 and CVE-2015-5184)
>         -> upgrade from 5.15.0 to 5.15.2 (last stable)
> logback-classic (CVE-2017-5929)
>         -> upgrade from 1.1.7 to 1.1.11 (last stable of 1.1.x)
> jetty (CVE-2017-9735)
>         -> upgrade from 9.4.4 to 9.4.7.v20170914 (last stable)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org