You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am a new user of JIBX plugin. Thank you much for the great plugin. Currently I am using jibx-extras version 1.3.3 as dependency.
I see that there is a compile dependency on dom4j:jar:1.6.1 from JIBX side.
I am a new user of JIBX plugin. Thank you much for the great plugin. Currently I am using jibx-extras version 1.3.3 as dependency.
I see that there is a compile dependency on dom4j:jar:1.6.1 from JIBX side.
Same dom4j version is listed in dependencies page as well.
http://jibx.sourceforge.net/maven-jibx-plugin/dependencies.html
dom4j version older than 2.1.1 are listed as vulnerable because of CVE-2018-1000632
https://nvd.nist.gov/vuln/detail/CVE-2018-1000632
If I override dom4j to 2.1.1 at runtime, I get runtime issues.
Is it possible to update dom4j to 2.1.1, so that all the JIBX users can benefit ?
Note: dom4j package changes from dom4j:dom4j to org.dom4j:dom4j in 2.x
The text was updated successfully, but these errors were encountered: