james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thibaut SAUTEREAU (JIRA)" <server-...@james.apache.org>
Subject [jira] [Created] (JAMES-2209) Upgrade libraries containing CVEs
Date Wed, 08 Nov 2017 09:30:00 GMT
Thibaut SAUTEREAU created JAMES-2209:

             Summary: Upgrade libraries containing CVEs
                 Key: JAMES-2209
                 URL: https://issues.apache.org/jira/browse/JAMES-2209
             Project: James Server
          Issue Type: Bug
    Affects Versions: master
            Reporter: Thibaut SAUTEREAU

The following libraries were reported by the OWASP Dependency Checker as containing CVEs:

ActiveMQ (CVE-2015-5183 and CVE-2015-5184)
        -> upgrade from 5.15.0 to 5.15.2 (last stable)

logback-classic (CVE-2017-5929)
        -> upgrade from 1.1.7 to 1.1.11 (last stable of 1.1.x)

jetty (CVE-2017-9735)
        -> upgrade from 9.4.4 to 9.4.7.v20170914 (last stable)

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message