Shalom Yaish created CXF-8776:
---------------------------------
Summary: Version 3.5.4 contains security vulnerable woodstox
version
Key: CXF-8776
URL: https://issues.apache.org/jira/browse/CXF-8776
Project: CXF
Issue Type: Bug
Components: JAX-RS
Affects Versions: 3.5.4
Reporter: Shalom Yaish
Version 3.5.4 contains the security vulnerable woodstox-core- 6.2.8 containing
this CVE:
CVE-2022-40151 - CVE-2022-40156
[https://www.mend.io/vulnerability-database/CVE-2022-40151]
The fix existed at woodstox-core-6.4.0
Any chance this will be released quickly ?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
