You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jena.apache.org by "Andy Seaborne (Jira)" <ji...@apache.org> on 2021/12/18 11:12:00 UTC
[jira] [Created] (JENA-2222) Dependency updates for jena-geosparql and jena-fuseki-geosparql
Andy Seaborne created JENA-2222:
-----------------------------------
Summary: Dependency updates for jena-geosparql and jena-fuseki-geosparql
Key: JENA-2222
URL: https://issues.apache.org/jira/browse/JENA-2222
Project: Apache Jena
Issue Type: Task
Components: GeoSPARQL
Affects Versions: Jena 4.3.2
Reporter: Andy Seaborne
Assignee: Andy Seaborne
Fix For: Jena 4.4.0
Found by running
{{mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -fn -f pom.xml}}
{{jdom:jdom2}} and {{commons-beanutils:commons-beanutils}} are dependencies and need updates.
jdom:jdom2 : CVE-2021-33813 : 2.0.6 -> 2.0.6.1
beanutils: CVE-2019-10086 :1.9.3->1.9.4
Also:
Ideally, the version of all dependencies should be controlled in the Jena top POM.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)