Hi Apache CXF Dev Team, Kindly can you provide an update on my request below ?
The latest version of cxf-codegen-plugin<https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) have dependency on cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). This cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) have a dependency on commons-text-1.9. The commons-text-1.9 have direct security vulnerability as CVE-2022-42889. But commons-text-1.10.0 does not have any security vulnerability. Kindly can you let us know if there is any plan and timeline when the next verion of cxf-codegen-plugin will be released which will have transitive dependency on commons-text-1.10.0 ? [cid:[email protected]] Deb Thanks and Regards, Debabrata Deb From: Deb,D,Debabrata,QDB C Sent: 16 November 2022 18:05 To: '[email protected]' <[email protected]> Cc: Nagare,N,Narendra,QDH R <[email protected]> Subject: RE: cxf-codegen-plugin next releases Hi Apache CXF Dev Team, Kindly can you provide an update on my request below ? [cid:[email protected]] Deb Thanks and Regards, Debabrata Deb From: Deb,D,Debabrata,QDB C Sent: 08 November 2022 21:39 To: [email protected]<mailto:[email protected]> Cc: Nagare,N,Narendra,QDH R <[email protected]<mailto:[email protected]>> Subject: cxf-codegen-plugin next releases Hi Apache CXF Dev Team, Greetings!! The latest version of cxf-codegen-plugin<https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) have dependency on cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). This cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) have a dependency on commons-text-1.9. The commons-text-1.9 have direct security vulnerability as CVE-2022-42889. But commons-text-1.10.0 does not have any security vulnerability. Kindly can you let us know if there is any plan and timeline when the next verion of cxf-codegen-plugin will be released which will have transitive dependency on commons-text-1.10.0 ? [cid:[email protected]] Deb Thanks and Regards, Debabrata Deb
