[
https://issues.apache.org/jira/browse/FOP-3106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Campbell updated FOP-3106:
--------------------------------
Description:
There is a security issue [https://nvd.nist.gov/vuln/detail/CVE-2022-40146] in
batik which is a dependency of FOP.
I understand that https://issues.apache.org/jira/browse/BATIK-1335 is the fix
for security issue, but there's no new FOP build that includes the fixed batik
version 1.15 as a dependency.
was:
There is a security issue [https://nvd.nist.gov/vuln/detail/CVE-2022-40146] in
batik which is dependency of FOP.
I understand that https://issues.apache.org/jira/browse/BATIK-1335 is the fix
for security issue, but there's no new FOP build that includes the fixed batik
version 1.15 as a dependency.
> CVE-2022-40146 fix BATIK-1335 in batik dependency not yet included in FOP
> build
> -------------------------------------------------------------------------------
>
> Key: FOP-3106
> URL: https://issues.apache.org/jira/browse/FOP-3106
> Project: FOP
> Issue Type: Bug
> Affects Versions: 2.7
> Reporter: David Campbell
> Priority: Major
>
> There is a security issue [https://nvd.nist.gov/vuln/detail/CVE-2022-40146]
> in batik which is a dependency of FOP.
> I understand that https://issues.apache.org/jira/browse/BATIK-1335 is the fix
> for security issue, but there's no new FOP build that includes the fixed
> batik version 1.15 as a dependency.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
