[
https://issues.apache.org/jira/browse/FELIX-6193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré reassigned FELIX-6193:
-------------------------------------------
Assignee: Jean-Baptiste Onofré
> Update maven-archiver + plexus-utils
> ------------------------------------
>
> Key: FELIX-6193
> URL: https://issues.apache.org/jira/browse/FELIX-6193
> Project: Felix
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: maven-bundle-plugin-4.2.2
>
>
> We should update the versions of maven-archiver + plexus-utils in the
> maven-bundle-plugin to remove the CVEs:
> plexus-archiver-2.8.1.jar
> (pkg:maven/org.codehaus.plexus/plexus-archiver@2.8.1,
> cpe:2.3:a:plexus-archiver_project:plexus-archiver:2.8.1:*:*:*:*:*:*:*) :
> CVE-2018-1002200
> plexus-utils-3.0.10.jar (pkg:maven/org.codehaus.plexus/plexus-utils@3.0.10,
> cpe:2.3:a:plexus-utils_project:plexus-utils:3.0.10:*:*:*:*:*:*:*) :
> CVE-2017-1000487, Directory traversal in org.codehaus.plexus.util.Expand,
> Possible XML Injection