Multiple dependencies have vulnerabilities/security issues #108

BryceMehring · 2018-11-30T15:01:26Z

The following dependencies have vulnerabilities/security issues:

xmlsec-1.4.3.jar (cpe:/a:apache:santuario_xml_security_for_java:1.4.3, org.apache.santuario:xmlsec:1.4.3, cpe:/a:apache:xml_security_for_java:1.4.3) : CVE-2013-4517
bcprov-jdk15on-1.54.jar (cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.54, cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.54, org.bouncycastle:bcprov-jdk15on:1.54, cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.54) : CVE-2016-1000341, CVE-2016-1000352, CVE-2016-1000340, CVE-2016-2427, CVE-2018-1000613, CVE-2016-1000339, CVE-2016-1000346, CVE-2016-1000338, CVE-2017-13098, CVE-2016-1000343, CVE-2018-1000180, CVE-2016-1000342, CVE-2016-1000345, CVE-2016-1000344
opensaml-2.5.1-1.jar (org.opensaml:opensaml:2.5.1-1, cpe:/a:shibboleth:opensaml:2.5.1.1) : CVE-2013-6440

Please upgrade the dependencies to fix these security issues.

sparecycles · 2019-07-16T21:27:44Z

@BryceMehring have any of these vulnerabilities been mitigated by the 6.2.7 release?

mahendya1002 · 2020-04-16T10:48:32Z

yes.

mahendya1002 closed this as completed Apr 16, 2020

Provide feedback