Message Title

The fix version is set to 5.2-next and I see this on the HEAD of the 5.2 branch, but I’m wondering what exact version of 5.2 is this fix in? On the NIST site, the CVE says:

In Hibernate Validator 5.2.x before 5.2.5 final

This makes me think that 5.2.5 Final is not vulnerable. However, I don’t see it in the 5.2 changelog, so I’m confused. Fossa scan is also reporting 5.2.5 Final as vulnerable. Can you confirm the fix is in 5.2.5 Final or if there’s a 5.2.6 planned that will have this fix or if going to 5.3 (or 5.4) is the way to go?

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS

This message was sent by Atlassian Jira