[ https://issues.apache.org/jira/browse/CXF-8779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed CXF-8779. ------------------------------------ Resolution: Not A Problem > Vulnerabilities from dependencies - jackson-databind & commons-text > ------------------------------------------------------------------- > > Key: CXF-8779 > URL: https://issues.apache.org/jira/browse/CXF-8779 > Project: CXF > Issue Type: Bug > Reporter: Ragul > Priority: Critical > > Version 1.11.1 of avro-compiler contains the apache commons-text vulnerable > library (1.9) & > Jackson-databind (2.12.7) > > Vulnerabilities from dependencies: > [CVE-2022-42889|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889] > [CVE-2022-42004|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004] > [CVE-2022-42003|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003] > > Is there any plan to upgrade dependency and address this issue? -- This message was sent by Atlassian Jira (v8.20.10#820010)