Posted to commits@tomee.apache.org by "Jonathan Gallimore (Jira)" <ji...@apache.org> on 2019/12/23 11:37:00 UTC

[jira] [Resolved] (TOMEE-2672) Update Quartz

     [ https://issues.apache.org/jira/browse/TOMEE-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Gallimore resolved TOMEE-2672.
---------------------------------------
    Fix Version/s: 8.0.1
                   7.1.2
                   7.0.7
       Resolution: Fixed

> Update Quartz
> -------------
>
>                 Key: TOMEE-2672
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2672
>             Project: TomEE
>          Issue Type: Dependency upgrade
>            Reporter: Jonathan Gallimore
>            Assignee: Jonathan Gallimore
>            Priority: Major
>             Fix For: 7.0.7, 7.1.2, 8.0.1
>
>
> Our shaded quartz library includes a version of quartz that is vulnerable to CVE-2019-13990 ([https://github.com/quartz-scheduler/quartz/issues/467]). Although we don't have a code-path through XMLSchedulingDataProcessor, it makes sense to patch this as a user could theoretically use it, and libraries showing up with vulnerabilities can be a blocker to using TomEE.


