(incubator-kie-kogito-runtimes) branch 1.40.x updated: NO_ISSUE: Overriding commons-compress version to fix CVE-2023-42503 present in 1.22 (#3268)

Tue, 31 Oct 2023 09:59:51 -0700 

This is an automated email from the ASF dual-hosted git repository.

pefernan pushed a commit to branch 1.40.x
in repository 
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-runtimes.git


The following commit(s) were added to refs/heads/1.40.x by this push:
     new 2ffee8c3bb NO_ISSUE: Overriding commons-compress version to fix 
CVE-2023-42503 present in 1.22 (#3268)
2ffee8c3bb is described below

commit 2ffee8c3bb9624202520b7850e8d28befd8a9786
Author: Pere Fernández <[email protected]>
AuthorDate: Tue Oct 31 17:58:46 2023 +0100

    NO_ISSUE: Overriding commons-compress version to fix CVE-2023-42503 present 
in 1.22 (#3268)
---
 kogito-build/kogito-dependencies-bom/pom.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kogito-build/kogito-dependencies-bom/pom.xml 
b/kogito-build/kogito-dependencies-bom/pom.xml
index f7621249f6..389cd65039 100644
--- a/kogito-build/kogito-dependencies-bom/pom.xml
+++ b/kogito-build/kogito-dependencies-bom/pom.xml
@@ -124,6 +124,7 @@
     <version.com.github.stephenc.jcip>1.0-1</version.com.github.stephenc.jcip>
     <version.black.ninia>4.1.1</version.black.ninia>
     <version.com.google.guava>32.0.1-jre</version.com.google.guava>
+    
<version.apache.commons.commons-compress>1.24.0</version.apache.commons.commons-compress>
   </properties>
 
   <dependencyManagement>
@@ -134,6 +135,13 @@
         <artifactId>guava</artifactId>
         <version>${version.com.google.guava}</version>
       </dependency>
+
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-compress</artifactId>
+        <version>${version.apache.commons.commons-compress}</version>
+      </dependency>
+
       <dependency>
         <groupId>org.slf4j</groupId>
         <artifactId>slf4j-api</artifactId>


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to