[jira] [Resolved] (CXF-8776) Version 3.5.4 contains security vulnerable woodstox version

Colm O hEigeartaigh (Jira) Wed, 26 Oct 2022 05:29:12 -0700


     [ 
https://issues.apache.org/jira/browse/CXF-8776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh resolved CXF-8776.
--------------------------------------
    Resolution: Fixed

> Version 3.5.4 contains security vulnerable woodstox version
> -----------------------------------------------------------
>
>                 Key: CXF-8776
>                 URL: https://issues.apache.org/jira/browse/CXF-8776
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS
>    Affects Versions: 3.5.4
>            Reporter: Shalom Yaish
>            Priority: Major
>             Fix For: 3.5.5
>
>
> Version 3.5.4 contains the security vulnerable woodstox-core- 6.2.8 
> containing this CVE:
> CVE-2022-40151 - CVE-2022-40156
> [https://www.mend.io/vulnerability-database/CVE-2022-40151]
> The fix existed at woodstox-core-6.4.0
>  
> Any chance this will be released quickly ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-8776) Version 3.5.4 contains security vulnerable woodstox version

Reply via email to