Valentin Brandl created DIRAPI-372:
--------------------------------------
Summary: Publish new Version on Maven Central to get rid of
vulnerable dependency
Key: DIRAPI-372
URL: https://issues.apache.org/jira/browse/DIRAPI-372
Project: Directory Client API
Issue Type: Wish
Affects Versions: 2.0.1
Reporter: Valentin Brandl
The current version {{2.0.1}} still depends on
{{org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:2.1.1_1}},
which has known vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2020-10683
The dom4j dependency has been [updated 12 months
ago|https://github.com/apache/directory-ldap-api/commit/b32aaaa3881665ca6b530112b2017b2641065b07]
but since then, there hasn't been a new release.
It would be nice to have a new version in Maven Central that removes this
vulnerable dependency.