You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tinkerpop.apache.org by "Aaron Coady (Jira)" <ji...@apache.org> on 2022/09/13 12:57:00 UTC

[jira] [Commented] (TINKERPOP-2771) Critical severity security vulnerabilty in commons-configuration 2.7

    [ https://issues.apache.org/jira/browse/TINKERPOP-2771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17603561#comment-17603561 ] 

Aaron Coady commented on TINKERPOP-2771:
----------------------------------------

Given that this is a critical severity security vulnerability can we get an estimate on when this will ship?

> Critical severity security vulnerabilty in commons-configuration 2.7
> --------------------------------------------------------------------
>
>                 Key: TINKERPOP-2771
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2771
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: console, server
>    Affects Versions: 3.6.0
>            Reporter: Aaron Coady
>            Assignee: Stephen Mallette
>            Priority: Major
>             Fix For: 3.7.0, 3.6.2, 3.5.5
>
>
> Apache commons configuration v2.7 has a critical severity security vulnerability identified here:
> [https://nvd.nist.gov/vuln/detail/CVE-2022-33980]
>  
> This is resolved in version 2.8.0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)