You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Hudson (Jira)" <ji...@apache.org> on 2020/03/28 15:02:04 UTC
[jira] [Commented] (MNG-6312) Update Maven Wagon dependency
[ https://issues.apache.org/jira/browse/MNG-6312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17069740#comment-17069740 ]
Hudson commented on MNG-6312:
-----------------------------
Build failed in Jenkins: Maven TLP » maven-studies » maven-metrics #4
See https://builds.apache.org/job/maven-box/job/maven-studies/job/maven-metrics/4/
> Update Maven Wagon dependency
> -----------------------------
>
> Key: MNG-6312
> URL: https://issues.apache.org/jira/browse/MNG-6312
> Project: Maven
> Issue Type: Dependency upgrade
> Affects Versions: 3.5.0
> Reporter: Sylwester Lachiewicz
> Assignee: Karl Heinz Marbaise
> Priority: Major
> Fix For: 3.5.3
>
>
> Based on OWASP report - update Maven Wagon from 2.12 to 3.0.0 to fix known vulnerability in shaded jsoup
> wagon-http-2.12-shaded.jar\META-INF/maven/org.jsoup/jsoup/pom.xml (cpe:/a:jsoup:jsoup:1.7.2, org.jsoup:jsoup:1.7.2) : CVE-2015-6748
--
This message was sent by Atlassian Jira
(v8.3.4#803005)