[
https://issues.apache.org/jira/browse/THRIFT-5512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17489187#comment-17489187
]
Christopher Tubbs commented on THRIFT-5512:
-------------------------------------------
It is credible. JUnit 4 had the Maven coordinates junit:junit. But, JUnit 5 has
the groupId org.junit.
https://search.maven.org/search?q=g:org.junit
It should suffice to upgrade to 4.13.2. Eventually you can move to 5, but it's
a bit of work to migrate. It's not a simple upgrade.
> CVEs notified on Maven Central (through deps)
> ---------------------------------------------
>
> Key: THRIFT-5512
> URL: https://issues.apache.org/jira/browse/THRIFT-5512
> Project: Thrift
> Issue Type: Bug
> Components: Java - Library
> Affects Versions: 0.15.0
> Reporter: Divye Kapoor
> Priority: Minor
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Consider fixing the dep versions and doing a minor release.
> Maven central identifies indirect CVEs:
> https://mvnrepository.com/artifact/org.apache.thrift/libthrift/0.15.0
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
