[jira] [Commented] (WW-5120) Upgrade Velocity Engine & Velocity Tools

ASF subversion and git services (Jira) Mon, 15 Mar 2021 00:41:06 -0700


    [ 
https://issues.apache.org/jira/browse/WW-5120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17301454#comment-17301454
 ]


ASF subversion and git services commented on WW-5120:
-----------------------------------------------------

Commit 4f45ecec12cfc373706dc56a676a629ad75b2bec in struts's branch 
refs/heads/master from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=4f45ece ]

WW-5120 Upgrades Velocity


> Upgrade Velocity Engine & Velocity Tools
> ----------------------------------------
>
>                 Key: WW-5120
>                 URL: https://issues.apache.org/jira/browse/WW-5120
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Plugin - Velocity
>            Reporter: Lukasz Lenart
>            Priority: Major
>             Fix For: 2.6
>
>
> Velocity Engine has known vulnerability:
> CVE-2020-13936: Velocity Sandbox Bypass
> Velocity Tools has known vulnerability:
> CVE-2020-13959: Velocity Tools XSS Vulnerability



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (WW-5120) Upgrade Velocity Engine & Velocity Tools

Reply via email to