Details
-
Task
-
Resolution: Done
-
Neutral
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
Description
[ERROR] One or more dependencies were identified with vulnerabilities:}} [ERROR] apache-mime4j-core-0.8.3.jar: CVE-2021-40111, CVE-2021-40110, CVE-2021-38542, CVE-2021-40525
James stands for Java Apache Mail Enterprise Server. Magnolia inherits some James-related dependencies via swagger/resteasy.
The CVEs all concern the Apache James server itself https://github.com/apache/james-project not the libraries used indirectly by Magnolia, namely apache-mime4j-dom, apache-mime4j-core and apache-mime4j-storage (all separate submodules of james-mime4, independent from James server itself, see https://github.com/apache/james-mime4j).
As such, I would dismiss the CVEs as false positives.
[INFO] | +- info.magnolia.rest:magnolia-rest-services:jar:2.2.11-SNAPSHOT:compile [INFO] | | +- io.swagger.core.v3:swagger-annotations:jar:2.1.11:compile [INFO] | | \- org.jboss.resteasy:resteasy-multipart-provider:jar:4.6.1.Final:compile [INFO] | | +- com.sun.mail:jakarta.mail:jar:1.6.5:compile [INFO] | | +- org.apache.james:apache-mime4j-dom:jar:0.8.3:compile [INFO] | | | \- org.apache.james:apache-mime4j-core:jar:0.8.3:compile [INFO] | | +- org.apache.james:apache-mime4j-storage:jar:0.8.3:compile
Checklists
Acceptance criteria