[prev in list] [next in list] [prev in thread] [next in thread]
List: axis-user-ja
Subject: [jira] [Commented] (AXIS2-5996) Axis contains a vulnerable dependecy
From: "Robert Lazarski (Jira)" <jira () apache ! org>
Date: 2021-03-11 17:20:00
Message-ID: JIRA.13363641.1615405994000.69714.1615483200272 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/AXIS2-5996?page=com.atlassian.jira.plugin. \
system.issuetabpanels:comment-tabpanel&focusedCommentId=17299746#comment-17299746 ]
Robert Lazarski commented on AXIS2-5996:
----------------------------------------
Joseph, you can simply drop in the latest jar into Maven for the 1.7.9 release:
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.13</version>
</dependency>
We have an open thread on the dev mailing list concerning the next release. There are \
still some outstanding items.
About the release, sooner rather than later as we'd like to get these vulnerabilities \
patched in our user base asap.
> Axis contains a vulnerable dependecy
> ------------------------------------
>
> Key: AXIS2-5996
> URL: https://issues.apache.org/jira/browse/AXIS2-5996
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.7.9
> Reporter: Joseph
> Priority: Major
> Labels: security
>
> Axis 2 is dependent on Apache Client 4.5.3 which is vulnerable to CVE-2020-13956
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic