[jira] [Created] (FELIX-6721) CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin

Xilai Dai (Jira) Mon, 22 Jul 2024 20:45:06 -0700

Xilai Dai created FELIX-6721:
--------------------------------

             Summary: CVE-2021-33813: Upgrade jdom to the latest version in 
maven-bundle-plugin
                 Key: FELIX-6721
                 URL: https://issues.apache.org/jira/browse/FELIX-6721
             Project: Felix
          Issue Type: Improvement
          Components: Maven Bundle Plugin
    Affects Versions: maven-bundle-plugin-5.1.9
            Reporter: Xilai Dai



There is a HIGH CVE https://nvd.nist.gov/vuln/detail/CVE-2021-33813 detected in 
the maven-bundle-plugin.

https://github.com/apache/felix-dev/blob/master/tools/maven-bundle-plugin/pom.xml#L274
  <dependency>
   <groupId>org.jdom</groupId>
   <artifactId>jdom</artifactId>
   <version>1.1</version>
  </dependency>

The latest jdom2/2.0.6.1 
(https://search.maven.org/artifact/org.jdom/jdom2/2.0.6.1/jar) is the fix 
version for it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (FELIX-6721) CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin

Reply via email to