[jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052

Karthick (Jira) Mon, 09 Aug 2021 23:53:06 -0700

Karthick created KARAF-7240:
-------------------------------

             Summary: Upgrade bcprov artifacts to mitigate CVE-2020-28052
                 Key: KARAF-7240
                 URL: https://issues.apache.org/jira/browse/KARAF-7240
             Project: Karaf
          Issue Type: Task
          Components: karaf
    Affects Versions: 4.3.2
         Environment: Apache Karaf - OSGi
            Reporter: Karthick
            Assignee: Jean-Baptiste Onofré



We are using Apache Karaf 4.3.2 in our project and our security scans report 
CVE-2021-26291 
([https://nvd.nist.gov/vuln/detail/CVE-2021-26291|https://nvd.nist.gov/vuln/detail/CVE-2021-26291).])
 on our package because Karaf by default packs maven 3.6.x. The fix for the 
specified CVE is Maven 3.8.1+. 
([https://maven.apache.org/docs/3.8.1/release-notes.html]) . Apache Karaf 
should update to use later versions of Maven resolver etc so that this 
vulnerability is mitigated.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052

Reply via email to