Build / BUILD-443

Dismiss CVE reports related to xstream


Details

    • Task
    • Resolution: Done
    • Neutral
    • POMs 42
    • POMs 41
    • None
    • Maintenance 50
    • 1

    Description

      A CVE scan identified more vulnerabilities in the Magnolia DX Core webapp related to xstream.

       xstream-1.4.15.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.15, cpe:2.3:a:xstream_project:xstream:1.4.15:*:*:*:*:*:*:*) : CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
      

      xstream is pulled in via info.magnolia.workflow:magnolia-module-workflow-jbpm -> ... -> org.jbpm:jbpm-flow and is not used directly by Magnolia, as was determined in DEV-1689.

      I would therefore dismiss CVE warnings regarding it from now on. Let's rather consider updating jbpm libraries in workflow instead.

       


            People

              fgrilli Federico Grilli