Re: [I] Transitive Vulnerability in `org.drools:drools-decisiontables:jar:9.44.0.Final` [incubator-kie-drools]

dakshay4 commented on issue #6185:
URL: https://github.com/apache/incubator-kie-drools/issues/6185#issuecomment-2530595623

Yes, I have seen this vulnerability, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51079, and I can see it is marked DISPUTED. Our applications are upgrading, hence it is better to have non-vulnerable/DISPUTED transitive versions. I will wait for the 10.0.0 version to get uploaded soon by the Drools team.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@kie.apache.org
For additional commands, e-mail: commits-h...@kie.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org

Re: [I] Transitive Vulnerability in `org.drools:drools-decisiontables:jar:9.44.0.Final` [incubator-kie-drools]

mariofusco closed issue #6185: Transitive Vulnerability in `org.drools:drools-decisiontables:jar:9.44.0.Final`
URL: https://github.com/apache/incubator-kie-drools/issues/6185

Re: [I] Transitive Vulnerability in `org.drools:drools-decisiontables:jar:9.44.0.Final` [incubator-kie-drools]

tkobayas commented on issue #6185:
URL: https://github.com/apache/incubator-kie-drools/issues/6185#issuecomment-2522219624

We are in the process of releasing 10.0.0, including mvel 2.5.1.Final. We hope it will not take a long time.

Btw, you meant the vulnerability is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51079 ? It's marked as "DISPUTED" and indeed not a vulnerability. Please read the link ( https://github.com/mvel/mvel/issues/348 ) in the "References".