You can update the dependency in your own POM or whatever dependency system you happen to have.
Gary On Mon, Nov 28, 2022, 10:28 <[email protected]> wrote: > Hi Apache CXF Dev Team, > > > > Kindly can you provide an update on my request below ? > > > > The latest version of cxf-codegen-plugin > <https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) > have dependency on cxf-tools-wsdlto-frontend-jaxws > <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). > This cxf-tools-wsdlto-frontend-jaxws > <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) > have a dependency on commons-text-1.9. The commons-text-1.9 have direct > security vulnerability as *CVE-2022-42889*. > > > > *But commons-text-1.10.0 does not have any security vulnerability. Kindly > can you let us know if there is any plan and timeline when the next verion > of cxf-codegen-plugin will be released which will have transitive > dependency on commons-text-1.10.0 ?* > > > > > > > > *Deb* > > > > > > *Thanks and Regards,* > > *Debabrata Deb* > > > > *From:* Deb,D,Debabrata,QDB C > *Sent:* 16 November 2022 18:05 > *To:* '[email protected]' <[email protected]> > *Cc:* Nagare,N,Narendra,QDH R <[email protected]> > *Subject:* RE: cxf-codegen-plugin next releases > > > > > > > > Hi Apache CXF Dev Team, > > > > Kindly can you provide an update on my request below ? > > > > > > > > *Deb* > > > > > > *Thanks and Regards,* > > *Debabrata Deb* > > > > *From:* Deb,D,Debabrata,QDB C > *Sent:* 08 November 2022 21:39 > *To:* [email protected] > *Cc:* Nagare,N,Narendra,QDH R <[email protected]> > *Subject:* cxf-codegen-plugin next releases > > > > > > > > Hi Apache CXF Dev Team, > > > > Greetings!! > > > > The latest version of cxf-codegen-plugin > <https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) > have dependency on cxf-tools-wsdlto-frontend-jaxws > <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). > This cxf-tools-wsdlto-frontend-jaxws > <https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) > have a dependency on commons-text-1.9. The commons-text-1.9 have direct > security vulnerability as *CVE-2022-42889*. > > > > *But commons-text-1.10.0 does not have any security vulnerability. Kindly > can you let us know if there is any plan and timeline when the next verion > of cxf-codegen-plugin will be released which will have transitive > dependency on commons-text-1.10.0 ?* > > > > > > > > *Deb* > > > > > > *Thanks and Regards,* > > *Debabrata Deb* > > >
