[ https://issues.apache.org/jira/browse/FELIX-6721?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Rütter resolved FELIX-6721.
--------------------------------
    Fix Version/s: maven-bundle-plugin-6.0.0
       Resolution: Fixed

Dependency removed in 6.0.0.

> CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin
> -------------------------------------------------------------------------
>
>                 Key: FELIX-6721
>                 URL: https://issues.apache.org/jira/browse/FELIX-6721
>             Project: Felix
>          Issue Type: Improvement
>          Components: Maven Bundle Plugin
>    Affects Versions: maven-bundle-plugin-5.1.9
>            Reporter: Xilai Dai
>            Priority: Critical
>             Fix For: maven-bundle-plugin-6.0.0
>
>
> There is a HIGH CVE https://nvd.nist.gov/vuln/detail/CVE-2021-33813 detected
> in the maven-bundle-plugin.
> https://github.com/apache/felix-dev/blob/master/tools/maven-bundle-plugin/pom.xml#L274
> <dependency>
>     <groupId>org.jdom</groupId>
>     <artifactId>jdom</artifactId>
>     <version>1.1</version>
> </dependency>
> The latest jdom2/2.0.6.1
> (https://search.maven.org/artifact/org.jdom/jdom2/2.0.6.1/jar) is the fix
> version for it.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)