You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2021/08/30 11:29:00 UTC
[jira] [Commented] (WAGON-612) Update jsoup to >= 1.14.2 for fix
security issue
[ https://issues.apache.org/jira/browse/WAGON-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406685#comment-17406685 ]
Michael Osipov commented on WAGON-612:
--------------------------------------
This issue can only happen if the HttpWagon is used to list files which uses JSoup to parse the Apache HTTPd listing.
[~hboutemy], yes another reason to drop JSoup.
> Update jsoup to >= 1.14.2 for fix security issue
> ------------------------------------------------
>
> Key: WAGON-612
> URL: https://issues.apache.org/jira/browse/WAGON-612
> Project: Maven Wagon
> Issue Type: Dependency upgrade
> Components: wagon-http
> Affects Versions: 3.4.3
> Reporter: Nikolay Krasko
> Priority: Minor
>
> There's a vulnerability report for the jsoup <= 1.14.2 [https://www.cvedetails.com/cve/CVE-2021-37714|https://www.cvedetails.com/cve/CVE-2021-37714/]
> jsoup:1.12.1 is used by wagon-http-shared:3.4.3, that triggers security bots alerts.
> Please could you update the dependency and release a new version?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)