[jira] [Commented] (OFBIZ-5744) We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596

Jacques Le Roux (Jira) Wed, 22 May 2024 23:24:05 -0700


    [ 
https://issues.apache.org/jira/browse/OFBIZ-5744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17848825#comment-17848825
 ]


Jacques Le Roux commented on OFBIZ-5744:
----------------------------------------

With OFBIZ-12824 we disabled the Birt component in all branches (including 
trunk) because of CVE-2022-25371.

Recently with 
https://github.com/eclipse-birt/birt/issues/625#issuecomment-2118951488 it's 
maybe possible to upgrade the Birt component in OFBiz. Let's see what it 
needs...

> We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596
> --------------------------------------------------------------------
>
>                 Key: OFBIZ-5744
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5744
>             Project: OFBiz
>          Issue Type: Bug
>          Components: birt
>    Affects Versions: 11.04.06, 12.04.05, 14.12.01
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>              Labels: CVE
>
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OFBIZ-5744) We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596

Reply via email to