jdom2 vulnerability #436

Closed
rkopka opened this issue Jul 21, 2021 · 2 comments

Comments

rkopka commented Jul 21, 2021

jPOS uses the jdom2 library in the newest version that has a vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2021-33813

Member

ar commented Jul 21, 2021

We have been aware of this vulnerability for a long time and patched it for the only external vector that could affect the system (see 6d2a7b1). We are also actively monitoring JDOM Issue 189, where it has been patched against master. We are waiting for the imminent release of the new JDOM version in order to upgrade it in jPOS.

If that doesn't happen soon, we may temporarily host the patched version in our maven repo, until it gets released.

Member

ar commented Dec 8, 2021

Fixed in 78c4fd6

@ar ar closed this as completed Dec 8, 2021