Thanks, issue created here: https://issues.apache.org/jira/browse/JS2-1371 <https://issues.apache.org/jira/browse/JS2-1371>
> On Jan 4, 2021, at 4:56 AM, Louis Vetsch <lwvet...@gmail.com> wrote: > > Hi David, > > The following direct dependencies have been highlighted as having security > vulnerabilities (along with the suggested remediation): > Apache Commons BeanUtils 1.9.2 (update to 1.9.4) > Apache Commons FileUpload 1.3.1 (update to 1.4) > Apache CXF 2.2.5 (update to cxf-3.4.1) > Apache Lucene 3.1.0 (update to 8.7.0) > Apache lucene-solr 3.1.0 (update to 8.7.0) > Castor 1.1.1 (update to 1.4.1) > dom4j 1.6.1 (update to 20040902.021138) > slf4j 1.5.6 (update to 1.7.30) > Spring-core 3.2.9RELEASE (update to 5.3.2) > Spring-aop 3.2.9.RELEASE (update to 5.3.2) > Spring-beans 3.2.9.RELEASE (update to 5.3.2) > Spring-context 3.2.9.RELEASE (update to 5.3.2) > Spring-context-support 3.2.9.RELEASE (update to 5.3.2) > Spring-web 3.2.9.RELEASE (update to 5.3.2) > Spring-orm 3.2.9.RELEASE (update to 5.3.2) > Spring-jdbc 3.2.9.RELEASE (update to 5.3.2) > Spring-ldap 1.3.0 (update to 2.0.3) > > On Wed, Dec 30, 2020 at 4:43 PM David S Taylor <da...@bluesunrise.com> > wrote: > >> >>> On Dec 30, 2020, at 12:10 PM, Louis Vetsch <lwvet...@gmail.com> wrote: >>> >>> Hi, >>> >>> >>> >>> Are there any plans to provide a new release of Jetspeed-2 using >> up-to-date >>> components for dependent open source components used by Jetspeed? We are >>> currently using Jetspeed-2 2.3.1 but are finding that many of the >>> dependencies used by Jetspeed-2 are out-dated and have security >>> vulnerabilities. >>> >> Would be nice to release 2.3.2. We’ve added some improvements that are >> worthy of a new release. Could you provide a list of dependencies that have >> security vulnerabilities? >> >> Here are the issues for 2.3.2. We will probably trim that down some… >> >> >> https://issues.apache.org/jira/browse/JS2-1363?jql=project%20%3D%20JS2%20AND%20resolution%20%3D%20Unresolved%20AND%20fixVersion%20%3D%202.3.2%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org >> For additional commands, e-mail: jetspeed-user-h...@portals.apache.org >> >>
