This was resolved with RESTEASY-2843 [1] and will be included in 3.15.2. However, it's not a critical CVE and it has an easy workaround of using an ExceptionMapper or another way of not having endpoints return the raw exception.

[1]: https://issues.redhat.com/browse/RESTEASY-2843

On Tue, Apr 27, 2021 at 3:42 AM Aishwarya soma <aishsoma555@gmail.com> wrote:
Our Sonatype scan reported the below vulnerability for RestEasy jaxrs 3.15.1 Final: CVE-2021-20289. When will there be a new version release with this fix?



--
James R. Perkins
JBoss by Red Hat
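
The ExceptionMapper workaround mentioned in the reply above, as an added example that is not part of the original thread or RESTEasy's own code: a catch-all JAX-RS mapper that logs the exception server-side and returns only a generic body. The class name, the JSON shape and the errorId field are assumptions; the imports are the standard javax.ws.rs API used by RESTEasy 3.x.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Hypothetical catch-all mapper: keeps exception messages and stack traces
// out of HTTP responses while preserving the original status code.
@Provider
public class GenericExceptionMapper implements ExceptionMapper<Throwable> {

    private static final Logger LOG =
            Logger.getLogger(GenericExceptionMapper.class.getName());

    @Override
    public Response toResponse(Throwable ex) {
        // Correlation id: lets support staff find the full exception in the
        // server log without sending any of its text to the client.
        String errorId = UUID.randomUUID().toString();
        LOG.log(Level.WARNING, "Request failed, errorId=" + errorId, ex);

        // Keep the status chosen by the framework (400, 404, ...) when there is one.
        int status = Response.Status.INTERNAL_SERVER_ERROR.getStatusCode();
        if (ex instanceof WebApplicationException) {
            Response original = ((WebApplicationException) ex).getResponse();
            if (original != null) {
                status = original.getStatus();
            }
        }

        // The body contains only the standard reason phrase and the id,
        // never ex.getMessage() or the original response entity.
        String body = "{\"error\":\"" + reason(status)
                + "\",\"errorId\":\"" + errorId + "\"}";
        return Response.status(status)
                .type(MediaType.APPLICATION_JSON)
                .entity(body)
                .build();
    }

    private static String reason(int status) {
        Response.Status known = Response.Status.fromStatusCode(status);
        return known != null ? known.getReasonPhrase() : "Error";
    }
}
```

The mapper takes effect once it is registered as a provider, for example through classpath scanning of `@Provider` or by listing it in the JAX-RS `Application` subclass.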