  1. TomEE
  2. TOMEE-2672

Update Quartz

Details

    • Type: Dependency upgrade
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.0.7, 7.1.2, 8.0.1
    • Component/s: None
    • Labels: None

    Description

      Our shaded quartz library includes a version of quartz that is vulnerable to CVE-2019-13990 (https://github.com/quartz-scheduler/quartz/issues/467). Although we don't have a code-path through XMLSchedulingDataProcessor, it makes sense to patch this as a user could theoretically use it, and libraries showing up with vulnerabilities can be a blocker to using TomEE.

          People

            Assignee: jgallimore Jonathan Gallimore
            Reporter: jgallimore Jonathan Gallimore