-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
-
Yes
magnolia-community-webapp-6.2-SNAPSHOT.war: jackrabbit-ocm-2.0.1-magnolia.jar (pkg:maven/info.magnolia.ocm/jackrabbit-ocm@2.0.1-magnolia, cpe:2.3:a:apache:jackrabbit:2.0.1:*:*:*:*:*:*:*) : CVE-2015-1833
https://nvd.nist.gov/vuln/detail/CVE-2015-1833
The CVE is about an older JackRabbit core version up to (including) 2.0.5 (Magnolia currently uses JR version 2.20.9) and mistakenly matches our recently released fork of JR OCM library (Magnolia's fork actually resolves another CVE).
Acceptance criteria
- is related to
-
TASKMGMT-66 jackrabbit-ocm dragging in commons-beanutils/commons-collections
- Closed