Posted to issues@maven.apache.org by "Ben Gibbs (Jira)" <ji...@apache.org> on 2021/09/22 19:40:00 UTC

[jira] [Commented] (WAGON-612) Update jsoup to >= 1.14.2 for fix security issue

    [ https://issues.apache.org/jira/browse/WAGON-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17418795#comment-17418795 ] 

Ben Gibbs commented on WAGON-612:
---------------------------------

Are there any updates on this issue? Our CI pipelines are constantly complaining about this vulnerability. 

> Update jsoup to >= 1.14.2 for fix security issue
> ------------------------------------------------
>
>                 Key: WAGON-612
>                 URL: https://issues.apache.org/jira/browse/WAGON-612
>             Project: Maven Wagon
>          Issue Type: Dependency upgrade
>          Components: wagon-http
>    Affects Versions: 3.4.3
>            Reporter: Nikolay Krasko
>            Priority: Minor
>
> There's a vulnerability report for jsoup <= 1.14.2: https://www.cvedetails.com/cve/CVE-2021-37714/
> jsoup:1.12.1 is used by wagon-http-shared:3.4.3, which triggers security bot alerts.
> Please could you update the dependency and release a new version?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)