[jira] [Closed] (FELIX-6721) CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin

Carsten Ziegeler (Jira) Tue, 17 Dec 2024 22:35:52 -0800


     [ 
https://issues.apache.org/jira/browse/FELIX-6721?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Carsten Ziegeler closed FELIX-6721.
-----------------------------------

> CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin
> -------------------------------------------------------------------------
>
>                 Key: FELIX-6721
>                 URL: https://issues.apache.org/jira/browse/FELIX-6721
>             Project: Felix
>          Issue Type: Improvement
>          Components: Maven Bundle Plugin
>    Affects Versions: maven-bundle-plugin-5.1.9
>            Reporter: Xilai Dai
>            Assignee: Paul Rütter
>            Priority: Critical
>             Fix For: maven-bundle-plugin-6.0.0
>
>
> There is a HIGH CVE https://nvd.nist.gov/vuln/detail/CVE-2021-33813 detected 
> in the maven-bundle-plugin.
> https://github.com/apache/felix-dev/blob/master/tools/maven-bundle-plugin/pom.xml#L274
>   <dependency>
>    <groupId>org.jdom</groupId>
>    <artifactId>jdom</artifactId>
>    <version>1.1</version>
>   </dependency>
> The latest jdom2/2.0.6.1 
> (https://search.maven.org/artifact/org.jdom/jdom2/2.0.6.1/jar) is the fix 
> version for it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (FELIX-6721) CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin

Reply via email to