tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Gallimore (Jira)" <j...@apache.org>
Subject [jira] [Created] (TOMEE-2672) Update Quartz
Date Sun, 08 Sep 2019 20:09:00 GMT
Jonathan Gallimore created TOMEE-2672:
-----------------------------------------

             Summary: Update Quartz
                 Key: TOMEE-2672
                 URL: https://issues.apache.org/jira/browse/TOMEE-2672
             Project: TomEE
          Issue Type: Dependency upgrade
            Reporter: Jonathan Gallimore
            Assignee: Jonathan Gallimore


Our shaded quartz library includes a version of quartz that is vulnerable to CVE-2019-13990
([https://github.com/quartz-scheduler/quartz/issues/467]). Although we don't have a code-path
through XMLSchedulingDataProcessor, it makes sense to patch this as a user could theoretically
use it, and libraries showing up with vulnerabilities can be a blocker to using TomEE.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message