[resteasy-dev] Re: Vulnerability found for RestEasy jaxrs (CVE-2021-20289)
This was resolved with RESTEASY-2843
<https://issues.redhat.com/browse/RESTEASY-2843> [1] and will be included
in 3.15.2. However it's not a critical CVE and it's has an easy workaround
of using an ExceptionMapper or another way of not having endpoints return
the raw exception.
[1]: https://issues.redhat.com/browse/RESTEASY-2843
On Tue, Apr 27, 2021 at 3:42 AM Aishwarya soma <aishsoma555(a)gmail.com>
wrote:
our sonatype scan reported below vulnerability for RestEasy jaxrs
3.15.1
Final.CVE-2021-20289 when will be a new version release with this fix.
_______________________________________________
resteasy-dev mailing list -- resteasy-dev(a)lists.jboss.org
To unsubscribe send an email to resteasy-dev-leave(a)lists.jboss.org
--
James R. Perkins
JBoss by Red Hat
Attachments:
- attachment.html (text/html — 1.4 KB)