Thu, 18 Mar 2021 at 05:48 Bolz, Michael <michael.b...@sap.com> wrote:
> I am trying to find out if this CVE-2020-13959 also affects the older Velocity 1.7
> version.
>
> >     <groupId>org.apache.velocity</groupId>
> >     <artifactId>velocity</artifactId>
> >     <version>1.7</version>
>
> As we are using dependencies which require this old Velocity version.
> Unfortunately the CVE description on NVD is not clear about this.
> Furthermore I tried to check it by myself based on the GitHub repo, but was 
> not successful.
>
> It would be very kind if someone could help me.

Artifacts and GroupIDs changed some time ago, see [1][2][3], so
you must migrate to the new Artifacts, and there are some code changes
that need to be applied (if you have a by-code integration).

Before
[1] https://github.com/apache/struts/blob/struts-2-5-x/pom.xml#L659-L685
Now
[2] https://github.com/apache/struts/blob/master/pom.xml#L732-L749
Migration
[3] https://github.com/apache/struts/pull/394


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
