[jira] [Created] (QPID-8582) JB: Update dependencies

Daniil Kirilyuk created QPID-8582:
-------------------------------------

             Summary: JB: Update dependencies
                 Key: QPID-8582
                 URL: https://issues.apache.org/jira/browse/QPID-8582
             Project: Qpid
          Issue Type: Improvement
          Components: Broker-J
    Affects Versions: qpid-java-broker-8.0.6
            Reporter: Daniil Kirilyuk



Several Broker-J dependencies suffer from vulnerabilities:

 
||Dependency||Vulnerabilities||
|[JUnit 
4.13|https://mvnrepository.com/artifact/junit/junit/4.13]|[CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]|
|[jackson-databind 
2.13.2|https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.13.2]|[CVE-2020-36518|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518]|
|[netty-codec-http 
4.1.51.Final|https://mvnrepository.com/artifact/io.netty/netty-codec-http/4.1.51.Final]
 |[CVE-2021-37137, 
|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137] 
[CVE-2021-37136|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136]|
|[httpclient 
4.5.3|https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.3]|[CVE-2020-15250|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250]|

 

They should be updated to the actual versions.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (QPID-8582) JB: Update dependencies

Reply via email to