Hi David, The following direct dependencies have been highlighted as having security vulnerabilities (along with the suggested remediation): Apache Commons BeanUtils 1.9.2 (update to 1.9.4) Apache Commons FileUpload 1.3.1 (update to 1.4) Apache CXF 2.2.5 (update to cxf-3.4.1) Apache Lucene 3.1.0 (update to 8.7.0) Apache lucene-solr 3.1.0 (update to 8.7.0) Castor 1.1.1 (update to 1.4.1) dom4j 1.6.1 (update to 20040902.021138) slf4j 1.5.6 (update to 1.7.30) Spring-core 3.2.9RELEASE (update to 5.3.2) Spring-aop 3.2.9.RELEASE (update to 5.3.2) Spring-beans 3.2.9.RELEASE (update to 5.3.2) Spring-context 3.2.9.RELEASE (update to 5.3.2) Spring-context-support 3.2.9.RELEASE (update to 5.3.2) Spring-web 3.2.9.RELEASE (update to 5.3.2) Spring-orm 3.2.9.RELEASE (update to 5.3.2) Spring-jdbc 3.2.9.RELEASE (update to 5.3.2) Spring-ldap 1.3.0 (update to 2.0.3)
On Wed, Dec 30, 2020 at 4:43 PM David S Taylor <da...@bluesunrise.com> wrote: > > > On Dec 30, 2020, at 12:10 PM, Louis Vetsch <lwvet...@gmail.com> wrote: > > > > Hi, > > > > > > > > Are there any plans to provide a new release of Jetspeed-2 using > up-to-date > > components for dependent open source components used by Jetspeed? We are > > currently using Jetspeed-2 2.3.1 but are finding that many of the > > dependencies used by Jetspeed-2 are out-dated and have security > > vulnerabilities. > > > Would be nice to release 2.3.2. We’ve added some improvements that are > worthy of a new release. Could you provide a list of dependencies that have > security vulnerabilities? > > Here are the issues for 2.3.2. We will probably trim that down some… > > > https://issues.apache.org/jira/browse/JS2-1363?jql=project%20%3D%20JS2%20AND%20resolution%20%3D%20Unresolved%20AND%20fixVersion%20%3D%202.3.2%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC > --------------------------------------------------------------------- > To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org > For additional commands, e-mail: jetspeed-user-h...@portals.apache.org > >
