[jira] [Commented] (WAGON-612) Update jsoup to >= 1.14.2 for fix security issue

Michael Osipov (Jira) Mon, 30 Aug 2021 04:29:03 -0700


    [ 
https://issues.apache.org/jira/browse/WAGON-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406685#comment-17406685
 ]


Michael Osipov commented on WAGON-612:
--------------------------------------

This issue can only happen if the HttpWagon is used to list files which uses 
JSoup to parse the Apache HTTPd listing.
[~hboutemy], yes another reason to drop JSoup.

> Update jsoup to >= 1.14.2 for fix security issue
> ------------------------------------------------
>
>                 Key: WAGON-612
>                 URL: https://issues.apache.org/jira/browse/WAGON-612
>             Project: Maven Wagon
>          Issue Type: Dependency upgrade
>          Components: wagon-http
>    Affects Versions: 3.4.3
>            Reporter: Nikolay Krasko
>            Priority: Minor
>
> There's a vulnerability report for the jsoup <= 1.14.2 
> [https://www.cvedetails.com/cve/CVE-2021-37714|https://www.cvedetails.com/cve/CVE-2021-37714/]
> jsoup:1.12.1 is used by wagon-http-shared:3.4.3, that triggers security bots 
> alerts. 
> Please could you update the dependency and release a new version?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (WAGON-612) Update jsoup to >= 1.14.2 for fix security issue

Reply via email to