[hibernate-issues] [JIRA] (HHH-14018) Upgrade to dom4j 2.1.3 for CVE-2020-10683
Frans Flippo (JIRA)
jira at hibernate.atlassian.net
Wed May 13 08:16:13 EDT 2020
Frans Flippo ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=5dadc794ba2c320c2c319e21 ) *updated* an issue
Hibernate ORM ( https://hibernate.atlassian.net/browse/HHH?atlOrigin=eyJpIjoiZWJhYmZiY2UzNzAxNDk0MmFiNjkxOTQ5ODA0ZTM1ODMiLCJwIjoiaiJ9 ) / Bug ( https://hibernate.atlassian.net/browse/HHH-14018?atlOrigin=eyJpIjoiZWJhYmZiY2UzNzAxNDk0MmFiNjkxOTQ5ODA0ZTM1ODMiLCJwIjoiaiJ9 ) HHH-14018 ( https://hibernate.atlassian.net/browse/HHH-14018?atlOrigin=eyJpIjoiZWJhYmZiY2UzNzAxNDk0MmFiNjkxOTQ5ODA0ZTM1ODMiLCJwIjoiaiJ9 ) Upgrade to dom4j 2.1.3 for CVE-2020-10683 ( https://hibernate.atlassian.net/browse/HHH-14018?atlOrigin=eyJpIjoiZWJhYmZiY2UzNzAxNDk0MmFiNjkxOTQ5ODA0ZTM1ODMiLCJwIjoiaiJ9 )
Change By: Frans Flippo ( https://hibernate.atlassian.net/secure/ViewProfile.jspa?accountId=5dadc794ba2c320c2c319e21 )
h2. Overview
the transitive dependency dom4j 1 2. 6. 1 has a CVE, which. is used by a dependency of hibernate core and has a CVE (see [ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 2020-10683)|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 2018-1000632) ]. This version is outdated.
Hibernate core shoould should upgrade to version 2. x 1. x 3 or later. org.dom4j
h2. Detail
Related to the forum https://discourse.hibernate.org/t/dom4j-raise-up-a-cve/1362.
( https://hibernate.atlassian.net/browse/HHH-14018#add-comment?atlOrigin=eyJpIjoiZWJhYmZiY2UzNzAxNDk0MmFiNjkxOTQ5ODA0ZTM1ODMiLCJwIjoiaiJ9 ) Add Comment ( https://hibernate.atlassian.net/browse/HHH-14018#add-comment?atlOrigin=eyJpIjoiZWJhYmZiY2UzNzAxNDk0MmFiNjkxOTQ5ODA0ZTM1ODMiLCJwIjoiaiJ9 )
Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100126- sha1:dd08494 )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/hibernate-issues/attachments/20200513/07925884/attachment.html
More information about the hibernate-issues
mailing list