[jira] [Created] (TOMEE-2737) Update some third parties because of CVEs

Jira Wed, 13 Nov 2019 03:57:26 -0800

François Courtault created TOMEE-2737:
-----------------------------------------


             Summary: Update some third parties because of CVEs
                 Key: TOMEE-2737
                 URL: https://issues.apache.org/jira/browse/TOMEE-2737
             Project: TomEE
          Issue Type: Improvement
          Components: TomEE Core Server
    Affects Versions: 8.0.0-Final
            Reporter: François Courtault


Hello,

There are several CVEs linked to some third parties embedded like jackson and 
xmlsec (santuario).

Could you update those third parties ?

jackson-databind from 2.9.9.3 to 2.9.10 at least--

xmlsec from 2.1.2 to 2.1.4 at least

commons-beanutils from 1.9.3 to 1.9.4 (don't know if the latest version fixes 
any CVE)

...

Best Regards.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (TOMEE-2737) Update some third parties because of CVEs

Reply via email to