Hans Heisig created AVRO-2865:
---------------------------------
Summary: Security vulnerability caused by plexus-utils:1.5.6
Key: AVRO-2865
URL: https://issues.apache.org/jira/browse/AVRO-2865
Project: Apache Avro
Issue Type: Improvement
Affects Versions: 1.9.2
Reporter: Hans Heisig
Fix For: 1.9.2
According to X-Ray scanning of our dependencies, the current version of the
*maven avro plugin* is due to the old plexus-utils version vulnerable to
CVE-2017-1000487 and [https://github.com/codehaus-plexus/plexus-utils/issues/3]
Both have a high severity and can be solved by upgrading plexus-utils to >
3.0.23.
Could you please consider this in a potential new version?
Thanks
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
