Sridhar, Thanks for your bug report.
I've entered a new issue in github: https://github.com/jibx/jibx/issues/14 Active maintenance of JiBX is on hold. If you would like to create a pull request, I can assess the code. Remember, dom4j is only a compile-time dependency. dom4j does not need to be included in your runtimes for JiBX to work. Cheers, Don On Thu, Mar 19, 2020 at 5:52 AM <jibx-users-requ...@lists.sourceforge.net> wrote: > Send jibx-users mailing list submissions to > jibx-users@lists.sourceforge.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/jibx-users > or, via email, send a message with subject or body 'help' to > jibx-users-requ...@lists.sourceforge.net > > You can reach the person managing the list at > jibx-users-ow...@lists.sourceforge.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of jibx-users digest..." > > > Today's Topics: > > 1. Need to update dom4j in JIBX (Sridhar Kumar) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 19 Mar 2020 07:18:15 +0000 > From: Sridhar Kumar <sridhar1...@outlook.com> > To: "jibx-users@lists.sourceforge.net" > <jibx-users@lists.sourceforge.net> > Subject: [jibx-users] Need to update dom4j in JIBX > Message-ID: > < > sn6pr03mb395201124604940223af1753ac...@sn6pr03mb3952.namprd03.prod.outlook.com > > > > Content-Type: text/plain; charset="iso-8859-1" > > Hello, > > I am a new user of JIBX plugin. Thank you much for the great plugin. > Currently I am using jibx-extras version 1.3.3 as dependency. > I see that there is a compile dependency on dom4j:jar:1.6.1 from JIBX side. > > Same dom4j version is listed in dependencies page as well. > http://jibx.sourceforge.net/maven-jibx-plugin/dependencies.html > > dom4j version older than 2.1.1 are listed as vulnerable because of > CVE-2018-1000632 > https://nvd.nist.gov/vuln/detail/CVE-2018-1000632 > > If I override dom4j to 2.1.1 at runtime, I get runtime issues. > Is it possible to update dom4j to 2.1.1, so that all the JIBX users can > benefit ? > > Note: dom4j package changes from dom4j:dom4j to org.dom4j:dom4j in 2.x > > Regards > Sridhar > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > jibx-users mailing list > jibx-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/jibx-users > > > ------------------------------ > > End of jibx-users Digest, Vol 111, Issue 1 > ****************************************** > -- Don Corley 626-664-8491 (Cell) 626-358-2903 (Home)
_______________________________________________ jibx-users mailing list jibx-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jibx-users