A Gentle remainder! Thanks, Madhu
From: Madhu Mitha (EXT-Nokia) Sent: Monday, November 4, 2024 10:02 AM To: java-dev-...@axis.apache.org; java-dev@axis.apache.org Subject: Road map/Plan on the v1.8.3 of axis2 Hi Axis2 Team, There were multiple vulnerabilities reported on Apache axis2 v1.8.2. Please find the list of CVE's that I would like to have some info on the Road Map in the upcoming version of 1.8.2. CVE IDs COMPONENT NAME CURRENT VERSION AVAILABLE VERSION CVE-2020-8908 Guava.jar 31.1-jre 33.2.1-jre CVE-2023-2976 CVE-2022-40149 Jettison jar 1.5.0 1.5.4 CVE-2022-40150 CVE-2022-45693 CVE-2022-40152 Woodstox.jar 6.2.8 7.0.0 CVE-2023-3635 OKIO.jar 2.10.0 3.9.0 CVE-2021-29425 Commons-IO 2.5 2.16.0 * Is the above mentioned jars will be fixed in v1.8.3 of Apache axis2? * Is those vulnerabilities are truly affecting Axis2 component or any mitigation plan is there in existing version of axis2? * When 1.8.3 is planned to be released for use? Thanks, Madhu
