[jira] [Updated] (FOP-2939) Upgrade ant if possible

Tilman Hausherr (Jira) Sat, 23 May 2020 02:04:13 -0700


     [ 
https://issues.apache.org/jira/browse/FOP-2939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tilman Hausherr updated FOP-2939:
---------------------------------
    Description: 
fop has a dependency on ant 1.8.2, e.g. in
https://svn.apache.org/repos/asf/xmlgraphics/fop/trunk/fop-core/pom.xml

    <dependency>
      <groupId>org.apache.ant</groupId>
      <artifactId>ant</artifactId>
      <version>1.8.2</version>
    </dependency>

however that version is flagged with vulnerability CVE-2020-1945 by 
dependency-check-maven.

  was:
fop has a dependency on ant 1.8.2, e.g. in
https://svn.apache.org/repos/asf/xmlgraphics/fop/trunk/fop-core/pom.xml

    <dependency>
      <groupId>org.apache.ant</groupId>
      <artifactId>ant</artifactId>
      <version>1.8.2</version>
    </dependency>

however that version is flagged with vulnerability CVE-2020-1945.


> Upgrade ant if possible
> -----------------------
>
>                 Key: FOP-2939
>                 URL: https://issues.apache.org/jira/browse/FOP-2939
>             Project: FOP
>          Issue Type: Task
>    Affects Versions: 2.5
>            Reporter: Tilman Hausherr
>            Priority: Minor
>
> fop has a dependency on ant 1.8.2, e.g. in
> https://svn.apache.org/repos/asf/xmlgraphics/fop/trunk/fop-core/pom.xml
>     <dependency>
>       <groupId>org.apache.ant</groupId>
>       <artifactId>ant</artifactId>
>       <version>1.8.2</version>
>     </dependency>
> however that version is flagged with vulnerability CVE-2020-1945 by 
> dependency-check-maven.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (FOP-2939) Upgrade ant if possible

Reply via email to