[jira] [Commented] (AVRO-2865) Security vulnerability caused by plexus-utils:1.5.6

Ryan Skraba (Jira) Fri, 19 Jun 2020 04:47:17 -0700


    [ 
https://issues.apache.org/jira/browse/AVRO-2865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17140470#comment-17140470
 ]


Ryan Skraba commented on AVRO-2865:
-----------------------------------

Maven 

> Security vulnerability caused by plexus-utils:1.5.6
> ---------------------------------------------------
>
>                 Key: AVRO-2865
>                 URL: https://issues.apache.org/jira/browse/AVRO-2865
>             Project: Apache Avro
>          Issue Type: Improvement
>    Affects Versions: 1.9.2
>            Reporter: Hans Heisig
>            Priority: Major
>             Fix For: 1.9.2
>
>
> According to X-Ray scanning of our dependencies, the current version of the 
> *maven avro plugin* is due to the old plexus-utils version vulnerable to 
> CVE-2017-1000487 and 
> [https://github.com/codehaus-plexus/plexus-utils/issues/3]
>  
> Both have a high severity and can be solved by upgrading plexus-utils to > 
> 3.0.23.
> Could you please consider this in a potential new version?
> Thanks



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (AVRO-2865) Security vulnerability caused by plexus-utils:1.5.6

Reply via email to