[ https://issues.apache.org/jira/browse/CXF-8776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved CXF-8776. -------------------------------------- Resolution: Fixed > Version 3.5.4 contains security vulnerable woodstox version > ----------------------------------------------------------- > > Key: CXF-8776 > URL: https://issues.apache.org/jira/browse/CXF-8776 > Project: CXF > Issue Type: Bug > Components: JAX-RS > Affects Versions: 3.5.4 > Reporter: Shalom Yaish > Priority: Major > Fix For: 3.5.5 > > > Version 3.5.4 contains the security vulnerable woodstox-core- 6.2.8 > containing this CVE: > CVE-2022-40151 - CVE-2022-40156 > [https://www.mend.io/vulnerability-database/CVE-2022-40151] > The fix existed at woodstox-core-6.4.0 > > Any chance this will be released quickly ? -- This message was sent by Atlassian Jira (v8.20.10#820010)