[ https://issues.apache.org/jira/browse/DIRKRB-760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved DIRKRB-760. ---------------------------------------- Fix Version/s: 2.0.3 Resolution: Fixed > The dependency library org.jboss.xnio:xnio-api:jar:3.8.4.Final has a > vulnerability > ---------------------------------------------------------------------------------- > > Key: DIRKRB-760 > URL: https://issues.apache.org/jira/browse/DIRKRB-760 > Project: Directory Kerberos > Issue Type: Bug > Affects Versions: 2.0.2 > Reporter: Albert Wang > Priority: Major > Fix For: 2.0.3 > > > *org.apache.kerby:kerb-common:jar:2.0.2* has a dependency library > *org.jboss.xnio:xnio-api:jar:3.8.4.Final*. > *org.jboss.xnio:xnio-api:jar:3.8.4.Final* has a vulnerability CVE-2022-0084 > which is fixed in *3.8.8.Final*. > Can we upgrade the dependency to *3.8.8.Final*? Or, can we confirm that > *org.apache.kerby:kerb-common:jar:2.0.2* does not use the impact method of > *org.jboss.xnio:xnio-api:jar:3.8.4*? -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org