Uploaded image for project: 'Build'
  1. Build
  2. BUILD-373 Implement OWASP Dependency Check for selected webapps
  3. BUILD-377

Manage three last libraries in dx-core CVE report

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Fixed
    • Icon: Neutral Neutral
    • BOM 6.2
    • None
    • None
    • 6.2 Ramp-up 19, 6.2 Ramp-up 20

      commons-collections-3.1.jar

      • via org.apache:jackrabbit-ocm:jar:2.0.0 (not maintained)
      • check if any transitive commons-collections >= 3.2.2 drag in, otherwise manage the version in boms & sync with jackrabbit
        • other jackrabbit libs bring 3.2.2 => exclude from ocm to make sure we don't conflict
      • re-check workflow functional

      slf4j-ext-1.7.25

      • exclude in org.testcontainers:testcontainers
      • manage in pom, sync the version with current/other slf4j libs (1.7.30)

      groovy-all-2.2.1.jar

      • manage in boms, same version with groovy group
      • upgrade in magnolia-dx-core-integration-tests

      postgresql-42.1.4.jre7.jar: notified cloud teams.

            dai.ha Dai Ha
            dai.ha Dai Ha
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0d
                0d
                Logged:
                Time Spent - 0.75d
                0.75d