[
https://issues.apache.org/jira/browse/WW-5120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart resolved WW-5120.
-------------------------------
Resolution: Fixed
> Upgrade Velocity Engine & Velocity Tools
> ----------------------------------------
>
> Key: WW-5120
> URL: https://issues.apache.org/jira/browse/WW-5120
> Project: Struts 2
> Issue Type: Dependency
> Components: Plugin - Velocity
> Reporter: Lukasz Lenart
> Priority: Major
> Fix For: 2.6
>
>
> Velocity Engine has known vulnerability:
> CVE-2020-13936: Velocity Sandbox Bypass
> Velocity Tools has known vulnerability:
> CVE-2020-13959: Velocity Tools XSS Vulnerability
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
