Library versions with known CVEs #70

Closed
rocketraman opened this issue Jan 17, 2022 · 2 comments

Comments

@rocketraman
Contributor

There are libraries with known CVEs in the published version of cfg4k -- mainly the s3 dependency brings in older versions of jackson and httpclient, and the jgit dependency also brings in an older version of httpclient.

This is fixed on my branch here: https://github.com/rocketraman/cfg4k/tree/library-updates-security.

@jdiazcano
Owner

Hello!

As you can see, I don't really have that much time anymore and I don't know when I will have that time, so if you want to continue supporting it, that would be great.

If you wish, I will update this repository so it points to your fork!

@rocketraman
Contributor Author

Ok @jdiazcano, I think adding a note in the README to point to my fork makes sense for now at least. Thanks!
