I did the updates yesterday and the CI is still running, but I don't think, that we expect any regressions, so it should be save to upgrade in /lib
On 2024/03/15 14:56:11 COURTAULT Francois wrote: > THALES GROUP LIMITED DISTRIBUTION to email recipients > > Hello everyone, > > The CVE 2023-51775 (Sonatype CVSS 3: 8.6) has been raised end of February > 2024. > jose4j-0.9.3.jar has this vulnerability. > > Is it safe/ok to replace this version by jose4j-0.9.6.jar released the 6th of > March 2024 ? > > Best Regards. > > >
