[QPID-8582] [Broker-J] Update dependencies with vulnerabilities - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Implemented
Affects Version/s: qpid-java-broker-8.0.6
Fix Version/s: qpid-java-broker-9.0.0
Component/s: Broker-J
Labels:
None

Description

Several Broker-J dependencies suffer from vulnerabilities:

Dependency	Vulnerabilities
JUnit 4.13	CVE-2020-15250
jackson-databind 2.13.2	CVE-2020-36518
netty-codec-http 4.1.51.Final	CVE-2021-37137, CVE-2021-37136
httpclient 4.5.3	CVE-2020-15250

They should be updated to the actual versions.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Daniil Kirilyuk

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Apr/22 13:05

Updated:: 11/Nov/22 12:23

Resolved:: 01/Nov/22 08:57