Xilai Dai created FELIX-6721:
--------------------------------

             Summary: CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin
                 Key: FELIX-6721
                 URL: https://issues.apache.org/jira/browse/FELIX-6721
             Project: Felix
          Issue Type: Improvement
          Components: Maven Bundle Plugin
    Affects Versions: maven-bundle-plugin-5.1.9
            Reporter: Xilai Dai


There is a HIGH CVE https://nvd.nist.gov/vuln/detail/CVE-2021-33813 detected in 
the maven-bundle-plugin.

https://github.com/apache/felix-dev/blob/master/tools/maven-bundle-plugin/pom.xml#L274
  <dependency>
   <groupId>org.jdom</groupId>
   <artifactId>jdom</artifactId>
   <version>1.1</version>
  </dependency>

The latest jdom2/2.0.6.1 
(https://search.maven.org/artifact/org.jdom/jdom2/2.0.6.1/jar) is the fix 
version for it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
