[hibernate-issues] [JIRA] (HHH-14018) Upgrade to dom4j 2.1.3 for CVE-2020-10683

Frans Flippo ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=5dadc79... ) *updated* an issue Hibernate ORM ( https://hibernate.atlassian.net/browse/HHH?atlOrigin=eyJpIjoiZWJhYmZiY2Uz... ) / Bug ( https://hibernate.atlassian.net/browse/HHH-14018?atlOrigin=eyJpIjoiZWJhYm... ) HHH-14018 ( https://hibernate.atlassian.net/browse/HHH-14018?atlOrigin=eyJpIjoiZWJhYm... ) Upgrade to dom4j 2.1.3 for CVE-2020-10683 ( https://hibernate.atlassian.net/browse/HHH-14018?atlOrigin=eyJpIjoiZWJhYm... ) Change By: Frans Flippo ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=5dadc79... ) h2. Overview the transitive dependency dom4j 1 2. 6. 1 has a CVE, which. is used by a dependency of hibernate core and has a CVE (see [ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 2020-10683)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 2018-1000632) ]. This version is  outdated. Hibernate core shoould should upgrade to version 2. x 1. x 3 or later. org.dom4j h2. Detail Related to the forum https://discourse.hibernate.org/t/dom4j-raise-up-a-cve/1362. ( https://hibernate.atlassian.net/browse/HHH-14018#add-comment?atlOrigin=ey... ) Add Comment ( https://hibernate.atlassian.net/browse/HHH-14018#add-comment?atlOrigin=ey... ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.... ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=Em... ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100126- sha1:dd08494 )