Hi Apache CXF Dev Team, Kindly can you provide an update on my request below ?
The latest version of cxf-codegen-plugin<https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) have dependency on cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). This cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) have a dependency on commons-text-1.9. The commons-text-1.9 have direct security vulnerability as CVE-2022-42889. But commons-text-1.10.0 does not have any security vulnerability. Kindly can you let us know if there is any plan and timeline when the next verion of cxf-codegen-plugin will be released which will have transitive dependency on commons-text-1.10.0 ? [cid:image001.png@01D9003D.3C664280] Deb Thanks and Regards, Debabrata Deb From: Deb,D,Debabrata,QDB C Sent: 16 November 2022 18:05 To: 'dev@cxf.apache.org' <dev@cxf.apache.org> Cc: Nagare,N,Narendra,QDH R <narendra.2.nag...@bt.com> Subject: RE: cxf-codegen-plugin next releases Hi Apache CXF Dev Team, Kindly can you provide an update on my request below ? [cid:image001.png@01D9003D.3C664280] Deb Thanks and Regards, Debabrata Deb From: Deb,D,Debabrata,QDB C Sent: 08 November 2022 21:39 To: dev@cxf.apache.org<mailto:dev@cxf.apache.org> Cc: Nagare,N,Narendra,QDH R <narendra.2.nag...@bt.com<mailto:narendra.2.nag...@bt.com>> Subject: cxf-codegen-plugin next releases Hi Apache CXF Dev Team, Greetings!! The latest version of cxf-codegen-plugin<https://mvnrepository.com/artifact/org.apache.cxf/cxf-codegen-plugin>(3.5.4) have dependency on cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4). This cxf-tools-wsdlto-frontend-jaxws<https://mvnrepository.com/artifact/org.apache.cxf/cxf-tools-wsdlto-frontend-jaxws>(3.5.4) have a dependency on commons-text-1.9. The commons-text-1.9 have direct security vulnerability as CVE-2022-42889. But commons-text-1.10.0 does not have any security vulnerability. Kindly can you let us know if there is any plan and timeline when the next verion of cxf-codegen-plugin will be released which will have transitive dependency on commons-text-1.10.0 ? [cid:image001.png@01D9003D.3C664280] Deb Thanks and Regards, Debabrata Deb
