KNOX-1508 - Upgrade taglibs-standard-spec and taglibs-standard-impl to 1.2.5
Signed-off-by: Kevin Risden <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/45eee785 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/45eee785 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/45eee785 Branch: refs/heads/master Commit: 45eee785582bd003857698b49ab8b9576f9b0f82 Parents: f827495 Author: Kevin Risden <[email protected]> Authored: Thu Oct 4 09:12:45 2018 -0400 Committer: Kevin Risden <[email protected]> Committed: Thu Oct 4 10:03:12 2018 -0400 ---------------------------------------------------------------------- pom.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/45eee785/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index c5b6e43..91cb0cc 100644 --- a/pom.xml +++ b/pom.xml @@ -205,6 +205,7 @@ <slf4j.version>1.7.25</slf4j.version> <spotbugs.version>3.1.7</spotbugs.version> <spotbugs-maven-plugin.version>3.1.6</spotbugs-maven-plugin.version> + <taglibs-standard.version>1.2.5</taglibs-standard.version> <velocity.version>1.7</velocity.version> <xmltool.version>3.3</xmltool.version> <xml-matchers.version>0.10</xml-matchers.version> @@ -1427,6 +1428,17 @@ <artifactId>apache-jstl</artifactId> <version>${jetty.version}</version> </dependency> + <!-- apache-jstl includes taglibs 1.2.1 which has CVEs --> + <dependency> + <groupId>org.apache.taglibs</groupId> + <artifactId>taglibs-standard-spec</artifactId> + <version>${taglibs-standard.version}</version> + </dependency> + <dependency> + <groupId>org.apache.taglibs</groupId> + <artifactId>taglibs-standard-impl</artifactId> + <version>${taglibs-standard.version}</version> + </dependency> <!-- Websocket support --> <dependency>
