Albert Wang created DIRKRB-760:
----------------------------------
Summary: The dependency library
org.jboss.xnio:xnio-api:jar:3.8.4.Final has a vulnerability
Key: DIRKRB-760
URL: https://issues.apache.org/jira/browse/DIRKRB-760
Project: Directory Kerberos
Issue Type: Bug
Affects Versions: 2.0.2
Reporter: Albert Wang
*org.apache.kerby:kerb-common:jar:2.0.2* has a dependency library
*org.jboss.xnio:xnio-api:jar:3.8.4.Final*.
*org.jboss.xnio:xnio-api:jar:3.8.4.Final* has a vulnerability CVE-2022-0084
which is fixed in *3.8.8.Final*.
Can we upgrade the dependency to *3.8.8.Final*? Or, can we confirm that
*org.apache.kerby:kerb-common:jar:2.0.2* does not use the impact method of
*org.jboss.xnio:xnio-api:jar:3.8.4*?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
