[ 
https://issues.apache.org/jira/browse/FELIX-6193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jean-Baptiste Onofré reassigned FELIX-6193:
-------------------------------------------

    Assignee: Jean-Baptiste Onofré

> Update maven-archiver + plexus-utils
> ------------------------------------
>
>                 Key: FELIX-6193
>                 URL: https://issues.apache.org/jira/browse/FELIX-6193
>             Project: Felix
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: maven-bundle-plugin-4.2.2
>
>
> We should update the versions of maven-archiver + plexus-utils in the 
> maven-bundle-plugin to remove the CVEs:
> plexus-archiver-2.8.1.jar 
> (pkg:maven/org.codehaus.plexus/plexus-archiver@2.8.1, 
> cpe:2.3:a:plexus-archiver_project:plexus-archiver:2.8.1:*:*:*:*:*:*:*) : 
> CVE-2018-1002200
> plexus-utils-3.0.10.jar (pkg:maven/org.codehaus.plexus/plexus-utils@3.0.10, 
> cpe:2.3:a:plexus-utils_project:plexus-utils:3.0.10:*:*:*:*:*:*:*) : 
> CVE-2017-1000487, Directory traversal in org.codehaus.plexus.util.Expand, 
> Possible XML Injection



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
