[ https://issues.apache.org/jira/browse/MJAVADOC-545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Scott updated MJAVADOC-545: --------------------------------- Description: Our security audits have reported that this plugin has a dependency on Struts 1.3.8 which has several critical security flaws. Although this is a build-time only plugin, this still represents a security issue as well as using EOL software. Is there any way to update? [https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html] was: Our security audits have reported that this plugin has a dependency on Struts 1.3.8 which has several critical security flaws. Although this is a build-time-only plugin, this still represents a security issue as well as using EOL software. Is there any way to update? [https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html] > Struts 1.3.8 > ------------ > > Key: MJAVADOC-545 > URL: https://issues.apache.org/jira/browse/MJAVADOC-545 > Project: Maven Javadoc Plugin > Issue Type: Dependency upgrade > Components: javadoc > Affects Versions: 3.0.1 > Reporter: Chris Scott > Priority: Major > > Our security audits have reported that this plugin has a dependency on Struts > 1.3.8 which has several critical security flaws. Although this is a > build-time only plugin, this still represents a security issue as well as > using EOL software. Is there any way to update? > [https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-6117/version_id-164423/Apache-Struts-1.3.8.html] -- This message was sent by Atlassian JIRA (v7.6.3#76005)