[
https://issues.apache.org/jira/browse/ISIS-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andi Huber reassigned ISIS-2300:
--------------------------------
Assignee: Andi Huber
> Some CVEs in dependencies are threatening your project!
> -------------------------------------------------------
>
> Key: ISIS-2300
> URL: https://issues.apache.org/jira/browse/ISIS-2300
> Project: Isis
> Issue Type: Dependency upgrade
> Reporter: XuCongying
> Assignee: Andi Huber
> Priority: Major
> Fix For: 2.0.0-M3
>
>
> Hi, I noticed that your project are using vulnerable libraries which are
> related to some CVEs. To prevent potential risk it may cause, I suggest a
> library update. Please look into the details below.
> Vulnerable Library Version: org.springframework : spring-web : 5.2.2.RELEASE
> CVE ID:
> [CVE-2020-5397](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5397),
> [CVE-2020-5398](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5398)
> Import Path: core/webapp/pom.xml, viewers/wicket/viewer/pom.xml
> Suggested Safe Versions: 5.2.3.RELEASE
>
> Vulnerable Library Version: org.apache.commons : commons-email : 1.4
> CVE ID:
> [CVE-2018-1294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294),
> [CVE-2017-9801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801)
> Import Path: core/runtime/pom.xml
> Suggested Safe Versions: 1.5
--
This message was sent by Atlassian Jira
(v8.3.4#803005)