[ https://issues.apache.org/jira/browse/THRIFT-5512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489124#comment-17489124 ]
Yuxuan Wang commented on THRIFT-5512:
-------------------------------------
That page suggests upgrading junit to 5.8.2, but the latest version available
on Maven Central is 4.13.2: [https://repo1.maven.org/maven2/junit/junit/]
So now I'm starting to question how credible that source is.

> CVEs notified on Maven Central (through deps)
> ---------------------------------------------
>
> Key: THRIFT-5512
> URL: https://issues.apache.org/jira/browse/THRIFT-5512
> Project: Thrift
> Issue Type: Bug
> Components: Java - Library
> Affects Versions: 0.15.0
> Reporter: Divye Kapoor
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Consider fixing the dep versions and doing a minor release.
> Maven central identifies indirect CVEs:
> https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.15.0