tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Gallimore (Jira)" <>
Subject [jira] [Created] (TOMEE-2672) Update Quartz
Date Sun, 08 Sep 2019 20:09:00 GMT
Jonathan Gallimore created TOMEE-2672:

             Summary: Update Quartz
                 Key: TOMEE-2672
             Project: TomEE
          Issue Type: Dependency upgrade
            Reporter: Jonathan Gallimore
            Assignee: Jonathan Gallimore

Our shaded quartz library includes a version of quartz that is vulnerable to CVE-2019-13990
([]). Although we don't have a code-path
through XMLSchedulingDataProcessor, it makes sense to patch this as a user could theoretically
use it, and libraries showing up with vulnerabilities can be a blocker to using TomEE.

This message was sent by Atlassian Jira

View raw message