[Comment Edited] (MNG-6312) Update Maven Wagon dependency

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Comment Edited] (MNG-6312) Update Maven Wagon dependency

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/MNG-6312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16325092#comment-16325092 ]

Karl Heinz Marbaise edited comment on MNG-6312 at 1/13/18 11:39 AM:
--------------------------------------------------------------------

Hi [~slachiewicz] sorry already had created a branch with change for..Sorry to bother you


was (Author: khmarbaise):
Hi [~slachiewicz] would you like to offer an PR ?

> Update Maven Wagon dependency
> -----------------------------
>
>                 Key: MNG-6312
>                 URL: https://issues.apache.org/jira/browse/MNG-6312
>             Project: Maven
>          Issue Type: Dependency upgrade
>    Affects Versions: 3.5.0
>            Reporter: Sylwester Lachiewicz
>            Assignee: Karl Heinz Marbaise
>             Fix For: 3.5.3
>
>
> Based on OWASP report - update Maven Wagon from 2.12 to 3.0.0 to fix known vulnerability in shaded jsoup
> wagon-http-2.12-shaded.jar\META-INF/maven/org.jsoup/jsoup/pom.xml (cpe:/a:jsoup:jsoup:1.7.2, org.jsoup:jsoup:1.7.2) : CVE-2015-6748



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)