[ https://issues.apache.org/jira/browse/DIRAPI-372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17339719#comment-17339719 ]
Stefan Seelmann commented on DIRAPI-372:
----------------------------------------

A new release is planned within the next weeks.

> Publish new Version on Maven Central to get rid of vulnerable dependency
> ------------------------------------------------------------------------
>
>                 Key: DIRAPI-372
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-372
>             Project: Directory Client API
>          Issue Type: Wish
>    Affects Versions: 2.0.1
>            Reporter: Valentin Brandl
>            Priority: Major
>             Fix For: 2.0.2
>
>
> The current version {{2.0.1}} still depends on
> {{org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:2.1.1_1}},
> which has known vulnerabilities:
> https://nvd.nist.gov/vuln/detail/CVE-2020-10683
> The dom4j dependency has been [updated 12 months ago|https://github.com/apache/directory-ldap-api/commit/b32aaaa3881665ca6b530112b2017b2641065b07]
> but since then, there hasn't been a new release.
> It would be nice to have a new version in maven central that removes this
> vulnerable dependency.