All versions of Velocity older than version 2.3 have been found to be vulnerable to remote code execution attacks, as captured in CVE-2020-13936, which has a CVSS score of 8.8 (high). Although this plugin does not permit template uploads, all corporate Maven import tools will still identify and flag this plugin as a vulnerable library since it transitively depends on Velocity 1.7.
The only option at this point is to remove all use of Doxia Site Renderer and generate identical HTML output within the plugin, since Doxia Site Renderer relies on Velocity 1.7.
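
The transitive path that scanners flag can be traced in `mvn dependency:tree` output. The following is an added example, not code from this issue or from the plugin: it parses a constructed tree and reports every Velocity node older than 2.3 together with its path from the root. The root coordinates `com.example:example-plugin` and all `*-EXAMPLE` versions are placeholders.

```python
import re

# Constructed sample of `mvn dependency:tree` text output. The root project
# and every "*-EXAMPLE" version are placeholders, not values from the issue.
SAMPLE_TREE = r"""
[INFO] com.example:example-plugin:maven-plugin:0.0.0-EXAMPLE
[INFO] +- org.apache.maven.doxia:doxia-site-renderer:jar:0.0.0-EXAMPLE:compile
[INFO] |  +- org.apache.velocity:velocity:jar:1.7:compile
[INFO] |  |  \- commons-lang:commons-lang:jar:0.0.0-EXAMPLE:compile
[INFO] |  \- org.codehaus.plexus:plexus-utils:jar:0.0.0-EXAMPLE:compile
[INFO] \- org.apache.velocity:velocity-engine-core:jar:2.3:compile
"""

# Velocity 1.x ships as "velocity", 2.x as "velocity-engine-core".
VELOCITY_ARTIFACTS = {"velocity", "velocity-engine-core"}
FIXED = (2, 3)  # per the issue text: versions older than 2.3 are affected

# Tree indentation is built from 3-character units: "+- ", "\- ", "|  ", "   ".
NODE = re.compile(r"^(?:\[INFO\] )?(?P<indent>(?:[|+\\ ][- ] )*)(?P<coord>\S+)$")


def version_tuple(version):
    """Numeric part of a version string, e.g. '1.7' -> (1, 7)."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))


def find_vulnerable_velocity(tree_text):
    """Return (version, path-from-root) for each Velocity node older than 2.3."""
    stack, findings = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line.rstrip())
        if not m or m["coord"].count(":") < 3:
            continue  # not a dependency node (banner, blank line, ...)
        depth = len(m["indent"]) // 3
        parts = m["coord"].split(":")
        # group:artifact:type[:classifier]:version[:scope]
        version = parts[4] if len(parts) == 6 else parts[3]
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{parts[0]}:{parts[1]}")
        if parts[0] == "org.apache.velocity" and parts[1] in VELOCITY_ARTIFACTS:
            if version_tuple(version) < FIXED:
                findings.append((version, list(stack)))
    return findings


if __name__ == "__main__":
    for version, path in find_vulnerable_velocity(SAMPLE_TREE):
        print(f"Velocity {version} (< 2.3) via: " + " -> ".join(path))
```
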