[ https://issues.apache.org/jira/browse/NUTCH-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebastian Nagel resolved NUTCH-2979. ------------------------------------ Resolution: Fixed Resolved, so far, without any direct action: - Nutch core still depends on 1.4 which is not affected by the CVE - the plugin any23 was removed (NUTCH-2998) - the plugin lib-htmlunit now depends on commons-text 1.10.0 after the Selenium dependency was upgraded by NUTCH-2980 > Upgrade Commons Text to 1.10.0 > ------------------------------ > > Key: NUTCH-2979 > URL: https://issues.apache.org/jira/browse/NUTCH-2979 > Project: Nutch > Issue Type: Bug > Components: build, plugin > Affects Versions: 1.19 > Reporter: Sebastian Nagel > Priority: Major > Labels: help-wanted > Fix For: 1.20 > > > In order to address > [CVE-2022-42889|https://nvd.nist.gov/vuln/detail/CVE-2022-42889] we should > upgrade to commons-text 1.10.0: > - Nutch core depends on 1.4 which is not affected by the CVE > - the plugins lib-htmlunit and any23 depend on a vulnerable commons-text > version (1.5 - 1.9) -- This message was sent by Atlassian Jira (v8.20.10#820010)