This is an automated email from the ASF dual-hosted git repository.
haonan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new d70b5b9ee3c Bump jline version to 3.26.2 (#12956)
d70b5b9ee3c is described below
commit d70b5b9ee3cf10e68fe60ae662c679acad052b35
Author: Haonan <[email protected]>
AuthorDate: Wed Jul 17 19:23:01 2024 +0800
Bump jline version to 3.26.2 (#12956)
Dependency maven:org.jline:jline:3.23.0 is vulnerable
Upgrade to 3.26.2
CVE-2023-50572, Score: 5.5
An issue in the component "GroovyEngine.execute" of jline-groovy versions
through 3.24.1 allows attackers to cause an OOM (OutofMemory) error.
Read More:
https://devhub.checkmarx.com/cve-details/CVE-2023-50572?utm_source=jetbrains&utm_medium=referral
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index bc62daccb76..1804aa6b1b8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -102,7 +102,7 @@
<!-- This was the last version to support Java 8 -->
<jetty.version>9.4.53.v20231009</jetty.version>
<jjwt.version>0.11.5</jjwt.version>
- <jline.version>3.23.0</jline.version>
+ <jline.version>3.26.2</jline.version>
<jna.version>5.14.0</jna.version>
<json-smart.version>2.5.0</json-smart.version>
<jtransforms.version>3.1</jtransforms.version>
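Review bot: The `jline.version` change from 3.23.0 to 3.26.2 is justified in the commit message by CVE-2023-50572, which is described there as an issue in `GroovyEngine.execute` of jline-groovy through 3.24.1, while the flagged dependency is `org.jline:jline`, and the hunk does not show which artifacts consume this property. Please state in the PR whether any module actually pulls in the Groovy engine, and confirm with `mvn dependency:tree -Dincludes=org.jline` that no module still resolves 3.23.0 transitively after the bump. The comment above `jetty.version` shows this build pins at least one dependency for Java 8 support, so it is also worth confirming that 3.26.2 runs on the project's minimum Java version.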