[prev in list] [next in list] [prev in thread] [next in thread]
List: fop-dev
Subject: [jira] [Updated] (FOP-3106) CVE-2022-40146 fix BATIK-1335 in batik dependency not yet included in FO
From: "David Campbell (Jira)" <jira () apache ! org>
Date: 2022-11-07 5:35:00
Message-ID: JIRA.13498028.1667798925000.74694.1667799300009 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/FOP-3106?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
David Campbell updated FOP-3106:
--------------------------------
Description:
There is a security issue [https://nvd.nist.gov/vuln/detail/CVE-2022-40146] in batik \
which is a dependency of FOP.
I understand that https://issues.apache.org/jira/browse/BATIK-1335 is the fix for \
security issue, but there's no new FOP build that includes the fixed batik version \
1.15 as a dependency.
was:
There is a security issue [https://nvd.nist.gov/vuln/detail/CVE-2022-40146] in batik \
which is dependency of FOP.
I understand that https://issues.apache.org/jira/browse/BATIK-1335 is the fix for \
security issue, but there's no new FOP build that includes the fixed batik version \
1.15 as a dependency.
> CVE-2022-40146 fix BATIK-1335 in batik dependency not yet included in FOP build
> -------------------------------------------------------------------------------
>
> Key: FOP-3106
> URL: https://issues.apache.org/jira/browse/FOP-3106
> Project: FOP
> Issue Type: Bug
> Affects Versions: 2.7
> Reporter: David Campbell
> Priority: Major
>
> There is a security issue [https://nvd.nist.gov/vuln/detail/CVE-2022-40146] in \
> batik which is a dependency of FOP. I understand that \
> https://issues.apache.org/jira/browse/BATIK-1335 is the fix for security issue, but \
> there's no new FOP build that includes the fixed batik version 1.15 as a \
> dependency.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic