[ https://issues.apache.org/jira/browse/MNG-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Osipov closed MNG-7414.
-------------------------------
    Fix Version/s:     (was: waiting-for-feedback)
                       (was: wontfix-candidate)
       Resolution: Not A Problem

These versions have been superseded.

> Maven version 3.8.3 + 3.8.4 have jsoup vulnerability
> ----------------------------------------------------
>
>                 Key: MNG-7414
>                 URL: https://issues.apache.org/jira/browse/MNG-7414
>             Project: Maven
>          Issue Type: Bug
>            Reporter: Ksenia Hershkovici
>            Priority: Major
>
> Hi Team,
> We are facing jsoup component vulnerability with maven versions 3.8.3 and
> 3.8.4 which is the latest released version of maven. The CVE details are:
> CVE-2021-37714
> Jsoup version which is getting installed while installing maven 3.8.3 and
> 3.8.4 is v1.12.1.
> We noticed that both versions have wagon 3.4.3 that is probably installing
> Jsoup v1.12.1.
> Can you please provide the details of next maven version release with this
> fix in it?
> Thanks.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)