BUILD-1039

Dismiss CVE mismatch about info.magnolia.ocm:jackrabbit-ocm:2.0.1-magnolia


Details

    • Task
    • Resolution: Done

    Description

      magnolia-community-webapp-6.2-SNAPSHOT.war: jackrabbit-ocm-2.0.1-magnolia.jar (pkg:maven/info.magnolia.ocm/jackrabbit-ocm@2.0.1-magnolia, cpe:2.3:a:apache:jackrabbit:2.0.1:*:*:*:*:*:*:*) : CVE-2015-1833
      

      https://nvd.nist.gov/vuln/detail/CVE-2015-1833

      The CVE is about an older Jackrabbit core version, up to and including 2.0.5 (Magnolia currently uses JR version 2.20.9), and mistakenly matches our recently released fork of the JR OCM library (Magnolia's fork actually resolves another CVE).
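The reasoning in the description can be checked mechanically against the finding line. The following is an added example, not part of the original ticket or of Magnolia's build: it parses the package URL and CPE out of the reported line and shows that the CPE names a different product than the artifact, while the fork's version number happens to fall in the affected range. The function names are hypothetical; the two version constants are the values stated in the description.

```python
import re

# Finding line as quoted in the ticket description.
FINDING = (
    "magnolia-community-webapp-6.2-SNAPSHOT.war: jackrabbit-ocm-2.0.1-magnolia.jar "
    "(pkg:maven/info.magnolia.ocm/jackrabbit-ocm@2.0.1-magnolia, "
    "cpe:2.3:a:apache:jackrabbit:2.0.1:*:*:*:*:*:*:*) : CVE-2015-1833"
)
# Values stated in the ticket: upper bound of the affected range, JR version in use.
CVE_MAX_AFFECTED = "2.0.5"
JACKRABBIT_CORE_IN_USE = "2.20.9"

FINDING_RE = re.compile(
    r"\(pkg:maven/(?P<group>[^/]+)/(?P<artifact>[^@]+)@(?P<pkg_version>[^,]+),\s*"
    r"cpe:2\.3:a:(?P<vendor>[^:]+):(?P<product>[^:]+):(?P<cpe_version>[^:]+):[^)]*\)"
    r"\s*:\s*(?P<cve>CVE-\d{4}-\d+)"
)

def parse_finding(line):
    """Split a finding line into purl fields, CPE fields and the CVE id."""
    m = FINDING_RE.search(line)
    if m is None:
        raise ValueError("unrecognised finding line")
    return m.groupdict()

def version_key(version):
    """Numeric components of a dotted version; a qualifier such as '-magnolia' is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version.split("-")[0]))

def triage(line):
    f = parse_finding(line)
    limit = version_key(CVE_MAX_AFFECTED)
    return {
        "cve": f["cve"],
        # Why the scanner matched: the CPE version is inside the affected range.
        "cpe_version_in_range": version_key(f["cpe_version"]) <= limit,
        # Why it is a mismatch: the CPE names another product and vendor than the purl.
        "product_matches_artifact": f["product"] == f["artifact"],
        "vendor_in_group": f["vendor"] in f["group"].split("."),
        # The component the CVE is about is deployed at a version outside the range.
        "core_in_range": version_key(JACKRABBIT_CORE_IN_USE) <= limit,
    }

def is_cpe_mismatch(line):
    t = triage(line)
    return (t["cpe_version_in_range"] and not t["product_matches_artifact"]
            and not t["core_in_range"])

if __name__ == "__main__":
    for key, value in triage(FINDING).items():
        print(f"{key}: {value}")
    print("CPE mismatch:", is_cpe_mismatch(FINDING))
```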

              People

                fgrilli Federico Grilli