[
https://issues.apache.org/jira/browse/NUTCH-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebastian Nagel resolved NUTCH-2979.
------------------------------------
Resolution: Fixed
Resolved, so far, without any direct action:
- Nutch core still depends on 1.4 which is not affected by the CVE
- the plugin any23 was removed (NUTCH-2998)
- the plugin lib-htmlunit now depends on commons-text 1.10.0 after the Selenium
dependency was upgraded by NUTCH-2980
> Upgrade Commons Text to 1.10.0
> ------------------------------
>
> Key: NUTCH-2979
> URL: https://issues.apache.org/jira/browse/NUTCH-2979
> Project: Nutch
> Issue Type: Bug
> Components: build, plugin
> Affects Versions: 1.19
> Reporter: Sebastian Nagel
> Priority: Major
> Labels: help-wanted
> Fix For: 1.20
>
>
> In order to address
> [CVE-2022-42889|https://nvd.nist.gov/vuln/detail/CVE-2022-42889] we should
> upgrade to commons-text 1.10.0:
> - Nutch core depends on 1.4 which is not affected by the CVE
> - the plugins lib-htmlunit and any23 depend on a vulnerable commons-text
> version (1.5 - 1.9)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
