[jira] [Updated] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291

Jira Wed, 12 Oct 2022 06:48:10 -0700


     [ 
https://issues.apache.org/jira/browse/KARAF-7223?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré updated KARAF-7223:
----------------------------------------
    Issue Type: Dependency upgrade  (was: Task)

> Upgrade maven artifacts to mitigate CVE-2021-26291
> --------------------------------------------------
>
>                 Key: KARAF-7223
>                 URL: https://issues.apache.org/jira/browse/KARAF-7223
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.3.2
>         Environment: Apache Karaf - OSGi
>            Reporter: Karthick
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> We are using Apache Karaf 4.3.2 in our project and our security scans report 
> CVE-2021-26291 
> ([https://nvd.nist.gov/vuln/detail/CVE-2021-26291|https://nvd.nist.gov/vuln/detail/CVE-2021-26291).])
>  on our package because Karaf by default packs maven 3.6.x. The fix for the 
> specified CVE is Maven 3.8.1+. 
> ([https://maven.apache.org/docs/3.8.1/release-notes.html]) . Apache Karaf 
> should update to use later versions of Maven resolver etc so that this 
> vulnerability is mitigated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KARAF-7223) Upgrade maven artifacts to mitigate CVE-2021-26291

Reply via email to