Our build is currently broken due to a security vulnerability being reported by the OWASP check plugin. The reported issue is CVE-2023-34411. I admit that I am not quite familiar with addressing security issues, but it seems to me that the issue is actually caused by the isorelax library, which seems to be some transitive dependency of woodstox.
If this is the case, is there any countermeasure planned or can you give us some hint of how to address this issue?
Thank you @Fynnyan -- yes, it looks like weird mismatch for sure.
Now: if the isorelax library had an issue, it would only affect Woodstox if and when the user enables RelaxNG validation, which is not something that is ever automatically enabled on specific input. So it would be unlikely to be applicable for most users.
But as-is, this looks like fully incorrect tagging.