github-actions[bot] closed pull request #943: Regenerated BOMs after dependency
upgrades
URL: https://github.com/apache/tomee/pull/943
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific co
Hi,
I am starting this test on a virtual machine in our infra now.
@all For building main you need to either use a JDK 11 or JDK 17. This
information is also relevant as well as the Maven version used to for
building.
In addition, it might be required to switch the git repo url in the sh
script
Hi Alex,
I can confirm, that 2.14.0-rc1 fixes the vulnerability as I cherry-
picked the related fixes to an upcoming 2.13.4.1 (micro patch version)
yesterday. My PR was merged in earlier today.
The issue is, that the fix version is set to 2.14.0 in the CVE itself
although it is included in 2.14.0
