Hello,

I am a new user of the JIBX plugin. Thank you very much for the great plugin. Currently
I am using jibx-extras version 1.3.3 as a dependency.
I see that there is a compile dependency on dom4j:jar:1.6.1 from the JIBX side.

The same dom4j version is listed on the dependencies page as well.
http://jibx.sourceforge.net/maven-jibx-plugin/dependencies.html

dom4j versions older than 2.1.1 are listed as vulnerable because of
CVE-2018-1000632
https://nvd.nist.gov/vuln/detail/CVE-2018-1000632

If I override dom4j to 2.1.1 at runtime, I get runtime issues.
Is it possible to update dom4j to 2.1.1, so that all the JIBX users can benefit?

Note: dom4j package changes from dom4j:dom4j to org.dom4j:dom4j in 2.x

Regards
Sridhar
_______________________________________________
jibx-users mailing list
jibx-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jibx-users
