[
https://issues.apache.org/jira/browse/CAMEL-13169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino resolved CAMEL-13169.
--------------------------------------
Resolution: Fixed
> c3p0 dependent version (0.9.5.2) has a security vulnerability (CVE-2018-20433)
> ------------------------------------------------------------------------------
>
> Key: CAMEL-13169
> URL: https://issues.apache.org/jira/browse/CAMEL-13169
> Project: Camel
> Issue Type: Task
> Components: camel-quartz2
> Affects Versions: 2.23.1
> Reporter: Abraham Ciokler
> Assignee: Andrea Cosentino
> Priority: Minor
> Fix For: 3.0.0, 2.23.2, 2.24.0, 2.22.4
>
>
> camel-quartz2 latest version (2.23.1) has a dependency on c3p0 version
> 0.9.5.2 and that version has a security vulnerability (CVE-2018-20433)
> source: https://nvd.nist.gov/vuln/detail/CVE-2018-20433
> The issue seems to be resolved by updating the dependency of c3p0 to 0.9.5.3.
> Please, update the camel-quartz2 to use newest version of c3p0 (0.9.5.3 at
> the time of writing this).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
