[
https://issues.apache.org/jira/browse/AVRO-2865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17142056#comment-17142056
]
Hudson commented on AVRO-2865:
------------------------------
SUCCESS: Integrated in Jenkins build AvroJava #911 (See
[https://builds.apache.org/job/AvroJava/911/])
AVRO-2865: Remove maven 2 support. (iemejia:
[https://github.com/apache/avro/commit/95f48dd6dd51f98485d04c7359371e767579bc76])
* (edit) lang/java/maven-plugin/pom.xml
AVRO-2865: Actually bump the jar. (iemejia:
[https://github.com/apache/avro/commit/d9fae92aed6d40bb881badbbbe5eb74060efd01b])
* (edit) lang/java/maven-plugin/pom.xml
> Security vulnerability caused by plexus-utils:1.5.6
> ---------------------------------------------------
>
> Key: AVRO-2865
> URL: https://issues.apache.org/jira/browse/AVRO-2865
> Project: Apache Avro
> Issue Type: Improvement
> Affects Versions: 1.9.2
> Reporter: Hans Heisig
> Assignee: Ryan Skraba
> Priority: Major
> Fix For: 1.10.0
>
>
> According to X-Ray scanning of our dependencies, the current version of the
> *maven avro plugin* is due to the old plexus-utils version vulnerable to
> CVE-2017-1000487 and
> [https://github.com/codehaus-plexus/plexus-utils/issues/3]
>
> Both have a high severity and can be solved by upgrading plexus-utils to >
> 3.0.23.
> Could you please consider this in a potential new version?
> Thanks
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
