You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jena.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/12/19 12:13:00 UTC
[jira] [Commented] (JENA-2222) Dependency updates for jena-geosparql and jena-fuseki-geosparql
[ https://issues.apache.org/jira/browse/JENA-2222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462165#comment-17462165 ]
ASF subversion and git services commented on JENA-2222:
-------------------------------------------------------
Commit b00d66947c4c5050dea2d7375fe74222ee3cc305 in jena's branch refs/heads/main from Andy Seaborne
[ https://gitbox.apache.org/repos/asf?p=jena.git;h=b00d669 ]
Merge pull request #1135 from afs/geosparql-updates
JENA-2222: Update of dependencies used in geosparql
> Dependency updates for jena-geosparql and jena-fuseki-geosparql
> ---------------------------------------------------------------
>
> Key: JENA-2222
> URL: https://issues.apache.org/jira/browse/JENA-2222
> Project: Apache Jena
> Issue Type: Task
> Components: GeoSPARQL
> Affects Versions: Jena 4.3.2
> Reporter: Andy Seaborne
> Assignee: Andy Seaborne
> Priority: Critical
> Fix For: Jena 4.4.0
>
>
> Found by running
> {{mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -fn -f pom.xml}}
> {{jdom:jdom2}} and {{commons-beanutils:commons-beanutils}} are dependencies and need updates.
> jdom:jdom2 : CVE-2021-33813 : 2.0.6 -> 2.0.6.1
> beanutils: CVE-2019-10086 :1.9.3->1.9.4
> Also:
> Ideally, the version of all dependencies should be controlled in the Jena top POM.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)