[ https://issues.apache.org/jira/browse/DIRAPI-372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17339719#comment-17339719 ]

Stefan Seelmann commented on DIRAPI-372:
----------------------------------------

A new release is planned within the next weeks.

> Publish new Version on Maven Central to get rid of vulnerable dependency
> ------------------------------------------------------------------------
>
>                 Key: DIRAPI-372
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-372
>             Project: Directory Client API
>          Issue Type: Wish
>    Affects Versions: 2.0.1
>            Reporter: Valentin Brandl
>            Priority: Major
>             Fix For: 2.0.2
>
>
> The current version {{2.0.1}} still depends on 
> {{org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:2.1.1_1}},
>  which has known vulnerabilities: 
> https://nvd.nist.gov/vuln/detail/CVE-2020-10683
> The dom4j dependency has been [updated 12 months 
> ago|https://github.com/apache/directory-ldap-api/commit/b32aaaa3881665ca6b530112b2017b2641065b07]
>  but since then, there hasn't been a new release.
> It would be nice to have a new version in maven central that removes this 
> vulnerable dependency.


