Hello,

noticed that Apache Neethi is still at vulnerable 3.2.1 even though I had 
expected it should be at 3.2.2 in our environment with CXF 4.2.1.

Found the following  chain of dependencies: 
org.apache.cxf:cxf-rt-ws-security:4.2.1/2 depends on 
org.apache.wss4j:wss4j-policy:4.0.1 which still depends on 
org.apache.neethi:neethi:3.2.1

However, org.apache.cxf:cxf-rt-ws-policy:4.2.1/2 for instance depends on 
org.apache.neethi:neethi:3.2.2 as expected.

Not sure if it’s our specific environment or a general problem - any additional 
information I can provide?

I see the vote for 4.2.2 is already open or even closed - is there a chance to 
get this still fixed for 4.2.2 if a general issue or would this have to wait 
until 4.2.3? Would I need to create a ticket for that?

Thanks in advance!

Bernhard

Bernhard Schuhmann
Principal Software Engineer
Jedox
Bismarckallee 7a
79098Freiburg im Breisgau
Germany
Jedox GmbH
Chief Executive Officer (Geschäftsführer): Florian Winterstein
Place of Business: Freiburg i. Br. | Registry Court: Amtsgericht Freiburg | HRB 
723467
​
​​[TM.V06112018]

Reply via email to