[ https://issues.apache.org/jira/browse/TOMEE-2737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Wiesner updated TOMEE-2737: ---------------------------------- Fix Version/s: 8.0.1 > Update some third parties because of CVEs > ----------------------------------------- > > Key: TOMEE-2737 > URL: https://issues.apache.org/jira/browse/TOMEE-2737 > Project: TomEE > Issue Type: Improvement > Components: TomEE Core Server > Affects Versions: 8.0.0-Final > Reporter: François Courtault > Priority: Major > Fix For: 8.0.1 > > > Hello, > There are several CVEs linked to some third parties embedded like jackson and > xmlsec (santuario). > Could you update those third parties ? > jackson-databind from 2.9.9.3 to 2.9.10 at least-- > xmlsec from 2.1.2 to 2.1.4 at least > commons-beanutils from 1.9.3 to 1.9.4 (don't know if the latest version fixes > any CVE) > ... > Best Regards. > -- This message was sent by Atlassian Jira (v8.3.4#803005)