Uploaded image for project: 'Build'
  1. Build
  2. BUILD-1127

Dismiss CVE mismatch about Quartz library (CVE-2023-39017)

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Neutral Neutral
    • None
    • None
    • None
    • Yes

      https://nvd.nist.gov/vuln/detail/CVE-2023-39017

      The issue would actually concern the artifact quartz-jobs which Magnolia doesn't use but the CPE erroneously matches any quartz artifact, see also https://github.com/quartz-scheduler/quartz/issues/943#issuecomment-1666141115

      [INFO] |  +- info.magnolia.task:magnolia-task-management:jar:1.2.11:compile
[INFO] |  |  +- org.quartz-scheduler:quartz:jar:2.3.2:compile

        Acceptance criteria

              fgrilli Federico Grilli
              fgrilli Federico Grilli
              Foundation
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved:
                Work Started:

                  Task DoR