Build / BUILD-641

Dismiss CVE-2021-40111 and others related to Apache James server

    Description

      [ERROR] One or more dependencies were identified with vulnerabilities:
      [ERROR] apache-mime4j-core-0.8.3.jar: CVE-2021-40111, CVE-2021-40110, CVE-2021-38542, CVE-2021-40525
      

       
      James stands for Java Apache Mail Enterprise Server. Magnolia inherits some James-related dependencies via swagger/resteasy.

      The CVEs all concern the Apache James server itself (https://github.com/apache/james-project), not the libraries used indirectly by Magnolia, namely apache-mime4j-dom, apache-mime4j-core and apache-mime4j-storage (all separate submodules of james-mime4j, independent from the James server itself; see https://github.com/apache/james-mime4j).

      As such, I would dismiss the CVEs as false positives.

      [INFO] |  +- info.magnolia.rest:magnolia-rest-services:jar:2.2.11-SNAPSHOT:compile
      [INFO] |  |  +- io.swagger.core.v3:swagger-annotations:jar:2.1.11:compile
      [INFO] |  |  \- org.jboss.resteasy:resteasy-multipart-provider:jar:4.6.1.Final:compile
      [INFO] |  |     +- com.sun.mail:jakarta.mail:jar:1.6.5:compile
      [INFO] |  |     +- org.apache.james:apache-mime4j-dom:jar:0.8.3:compile
      [INFO] |  |     |  \- org.apache.james:apache-mime4j-core:jar:0.8.3:compile
      [INFO] |  |     +- org.apache.james:apache-mime4j-storage:jar:0.8.3:compile
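
A suppression scoped to exactly this finding, as an added example that is not part of the original ticket or of Magnolia's build. It assumes the report comes from OWASP dependency-check (the ticket does not name the scanner); the file name and the pin to version 0.8.3 are choices made here.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- dependency-check-suppressions.xml (hypothetical file name).
     Assumes the scanner is OWASP dependency-check; the ticket does not name it. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      BUILD-641: these CVEs are filed against Apache James server
      (github.com/apache/james-project). The flagged jars come from
      james-mime4j, pulled in transitively via resteasy-multipart-provider.
    ]]></notes>
    <!-- Only the three mime4j modules named in the ticket, pinned to 0.8.3
         so a version bump forces the dismissal to be reviewed again. -->
    <packageUrl regex="true">^pkg:maven/org\.apache\.james/apache-mime4j-(core|dom|storage)@0\.8\.3$</packageUrl>
    <!-- Listed one by one: any other CVE on these jars is still reported. -->
    <cve>CVE-2021-40111</cve>
    <cve>CVE-2021-40110</cve>
    <cve>CVE-2021-38542</cve>
    <cve>CVE-2021-40525</cve>
  </suppress>
</suppressions>
```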
      

            People

              fgrilli Federico Grilli