[
https://issues.apache.org/jira/browse/CAMEL-13169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16762857#comment-16762857
]
Abraham Ciokler edited comment on CAMEL-13169 at 2/7/19 4:52 PM:
-----------------------------------------------------------------
there was a typo on the ticket for the fixed c3p0 version. Please look at the
description again. My apologies. It's version 0.9.5.3
was (Author: aciokler):
there was a typo on the ticket for the fixed c3p0 version. Please look at the
description again. My apologies.
> c3p0 dependent version (0.9.5.2) has a security vulnerability (CVE-2018-20433)
> ------------------------------------------------------------------------------
>
> Key: CAMEL-13169
> URL: https://issues.apache.org/jira/browse/CAMEL-13169
> Project: Camel
> Issue Type: Bug
> Components: camel-quartz2
> Affects Versions: 2.23.1
> Reporter: Abraham Ciokler
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 3.0.0, 2.23.2, 2.24.0, 2.22.4
>
>
> camel-quartz2 latest version (2.23.1) has a dependency on c3p0 version
> 0.9.5.2 and that version has a security vulnerability (CVE-2018-20433)
> source: https://nvd.nist.gov/vuln/detail/CVE-2018-20433
> The issue seems to be resolved by updating the dependency of c3p0 to 0.9.5.3.
> Please, update the camel-quartz2 to use newest version of c3p0 (0.9.5.2 at
> the time of writing this).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
