Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ML Java Client v2.0.5 - CVE vulnerability (CVE-2014-0107) #367

Closed
davidbcollins opened this issue Oct 27, 2015 · 3 comments
Closed

ML Java Client v2.0.5 - CVE vulnerability (CVE-2014-0107) #367

davidbcollins opened this issue Oct 27, 2015 · 3 comments
Assignees
@georgeajit
Labels
Bug major ship
Milestone
java-client-api-4...

Comments

@davidbcollins
Copy link

A known vulnerability exists in a dependency: CVE-2014-0107.

It is in xalan-2.7.1 which is a dependency of jdom2-2.0.5.
@sammefford sammefford modified the milestone: N/A Nov 8, 2016
@jmakeig jmakeig mentioned this issue May 3, 2017
Closed
@sammefford
Copy link
Contributor

Fixed by commit f13e091

@sammefford sammefford modified the milestones: java-client-api-4.0.2, N/A May 3, 2017
@sammefford
Copy link
Contributor

@georgeajit could you just make sure this didn't introduce any regressions?

@georgeajit georgeajit added ship and removed test labels May 5, 2017
@georgeajit
Copy link
Contributor

No regressions seen. Verified on 05/04/2017 regression status page. The project has the newer versions of Jars in local maven repository,as specified in the commit.

@jmakeig jmakeig closed this as completed Sep 19, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@georgeajit georgeajit

Labels
Bug major ship
Projects
None yet
Milestone
java-client-api-4.0.2
Development

No branches or pull requests
4 participants
@jmakeig @sammefford @georgeajit @davidbcollins