[ https://issues.apache.org/jira/browse/MNG-6312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16325092#comment-16325092 ]
Karl Heinz Marbaise edited comment on MNG-6312 at 1/13/18 11:39 AM: -------------------------------------------------------------------- Hi [~slachiewicz] sorry already had created a branch with change for..Sorry to bother you was (Author: khmarbaise): Hi [~slachiewicz] would you like to offer an PR ? > Update Maven Wagon dependency > ----------------------------- > > Key: MNG-6312 > URL: https://issues.apache.org/jira/browse/MNG-6312 > Project: Maven > Issue Type: Dependency upgrade > Affects Versions: 3.5.0 > Reporter: Sylwester Lachiewicz > Assignee: Karl Heinz Marbaise > Fix For: 3.5.3 > > > Based on OWASP report - update Maven Wagon from 2.12 to 3.0.0 to fix known > vulnerability in shaded jsoup > wagon-http-2.12-shaded.jar\META-INF/maven/org.jsoup/jsoup/pom.xml > (cpe:/a:jsoup:jsoup:1.7.2, org.jsoup:jsoup:1.7.2) : CVE-2015-6748 -- This message was sent by Atlassian JIRA (v6.4.14#64029)