[
https://issues.apache.org/jira/browse/DIRAPI-372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stefan Seelmann resolved DIRAPI-372.
------------------------------------
Resolution: Fixed
The release is on its way.
> Publish new Version on Maven Central to get rid of vulnerable dependency
> ------------------------------------------------------------------------
>
> Key: DIRAPI-372
> URL: https://issues.apache.org/jira/browse/DIRAPI-372
> Project: Directory Client API
> Issue Type: Wish
> Affects Versions: 2.0.1
> Reporter: Valentin Brandl
> Priority: Major
> Fix For: 2.0.2
>
>
> The current version {{2.0.1}} still depends on
> {{org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:2.1.1_1}},
> which has known vulnerabilities:
> https://nvd.nist.gov/vuln/detail/CVE-2020-10683
> The dom4j dependency has been [updated 12 month
> ago|https://github.com/apache/directory-ldap-api/commit/b32aaaa3881665ca6b530112b2017b2641065b07]
> but since then, there hasn't been a new release.
> It would be nice to have a new version in maven central that removes this
> vulnerable dependency.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
