You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Martin Wiesner (Jira)" <ji...@apache.org> on 2019/11/13 14:39:00 UTC
[jira] [Closed] (TOMEE-2737) Update some third parties because of
CVEs
[ https://issues.apache.org/jira/browse/TOMEE-2737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Wiesner closed TOMEE-2737.
---------------------------------
Resolution: Resolved
As reported by [~jgallimore], these dependency update tasks have been resolved already. Closing issue for next release.
> Update some third parties because of CVEs
> -----------------------------------------
>
> Key: TOMEE-2737
> URL: https://issues.apache.org/jira/browse/TOMEE-2737
> Project: TomEE
> Issue Type: Improvement
> Components: TomEE Core Server
> Affects Versions: 8.0.0-Final
> Reporter: François Courtault
> Priority: Major
> Fix For: 8.0.1
>
>
> Hello,
> There are several CVEs linked to some third parties embedded like jackson and xmlsec (santuario).
> Could you update those third parties ?
> jackson-databind from 2.9.9.3 to 2.9.10 at least--
> xmlsec from 2.1.2 to 2.1.4 at least
> commons-beanutils from 1.9.3 to 1.9.4 (don't know if the latest version fixes any CVE)
> ...
> Best Regards.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)