You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Tibor Digana (JIRA)" <ji...@apache.org> on 2019/06/07 11:40:00 UTC
[jira] [Comment Edited] (ARCHETYPE-567) Update to dom4j 2.1.1 and
require Java 8
[ https://issues.apache.org/jira/browse/ARCHETYPE-567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16858530#comment-16858530 ]
Tibor Digana edited comment on ARCHETYPE-567 at 6/7/19 11:39 AM:
-----------------------------------------------------------------
fixed in ARCHETYPE-568
was (Author: tibor17):
ficed in ARCHETYPE-568
> Update to dom4j 2.1.1 and require Java 8
> -----------------------------------------
>
> Key: ARCHETYPE-567
> URL: https://issues.apache.org/jira/browse/ARCHETYPE-567
> Project: Maven Archetype
> Issue Type: Bug
> Affects Versions: 3.1.0
> Reporter: Tony Homer
> Assignee: Tibor Digana
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Maven archetype currently uses dom4j 1.6.1 which is vulnerable to [CVE-2018-1000632|https://nvd.nist.gov/vuln/detail/CVE-2018-1000632].
> Upgrade to 2.1.1, which is the only released version of dom4j not vulnerable to CVE-2018-1000632.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)