[jira] [Commented] (WAGON-612) Update jsoup to >= 1.14.2 for fix security issue

Michael Osipov (Jira) Tue, 07 Dec 2021 23:03:06 -0800


    [ 
https://issues.apache.org/jira/browse/WAGON-612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17455002#comment-17455002
 ]


Michael Osipov commented on WAGON-612:
--------------------------------------

No, because Maven is not affected. If your stupid company policy requires you 
to solve this problem, there are several ones.

> Update jsoup to >= 1.14.2 for fix security issue
> ------------------------------------------------
>
>                 Key: WAGON-612
>                 URL: https://issues.apache.org/jira/browse/WAGON-612
>             Project: Maven Wagon
>          Issue Type: Dependency upgrade
>          Components: wagon-http
>    Affects Versions: 3.4.3
>            Reporter: Nikolay Krasko
>            Priority: Minor
>
> There's a vulnerability report for the jsoup <= 1.14.2 
> [https://www.cvedetails.com/cve/CVE-2021-37714|https://www.cvedetails.com/cve/CVE-2021-37714/]
> jsoup:1.12.1 is used by wagon-http-shared:3.4.3, that triggers security bots 
> alerts. 
> Please could you update the dependency and release a new version?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (WAGON-612) Update jsoup to >= 1.14.2 for fix security issue

Reply via email to