sseide opened a new pull request #648: URL: https://github.com/apache/jmeter/pull/648
## Description Currently used version 2.3 of `xmlgraphics-commons` has a security problem parsing some input with its XMPParser. ## Motivation and Context Fix medium security warning CVE-2020-11988 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11988) ## How Has This Been Tested? running `gradlew test` and `gradlew check` finished with success. Used this updated lib ourself (but we do not handle graphics with jmeter, therefore may not trigger code related to this library). changelog of xmlgraphics-commons does not mention any problematic changes for version 2.4 and 2.6 (all releases after currently used 2.3) ## Screenshots (if appropriate): ## Types of changes <!--- What types of changes does your code introduce? Delete as appropriate --> - Bug fix (non-breaking change which fixes an issue) ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] My code follows the [code style][style-guide] of this project. - [x] I have updated the documentation accordingly. [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
