[FELIX-6721] CVE-2021-33813: Upgrade jdom to the latest version in maven-bundle-plugin - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: maven-bundle-plugin-5.1.9
Fix Version/s: None
Component/s: Maven Bundle Plugin
Labels:
None

Description

There is a HIGH CVE https://nvd.nist.gov/vuln/detail/CVE-2021-33813 detected in the maven-bundle-plugin.

https://github.com/apache/felix-dev/blob/master/tools/maven-bundle-plugin/pom.xml#L274
<dependency>
<groupId>org.jdom</groupId>
<artifactId>jdom</artifactId>
<version>1.1</version>
</dependency>

The latest jdom2/2.0.6.1 (https://search.maven.org/artifact/org.jdom/jdom2/2.0.6.1/jar) is the fix version for it.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Xilai Dai

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Jul/24 03:44

Updated:: 23/Jul/24 03:44