Accessors-smart is being reported against CVE-2023-1370 #141
Comments
In regards to issue: netplex#141
|
Accessors-smart itself is not concerned by CVE-2023-1370 I can bump the project version, but the code will remain the same. |
|
Yes. that is true. It would nice to keep the versions consistent. I typically have my version variables associated to the GitHub repos and when they vary, it's a bit annoying to have to create a new variable. In this instant I have two variables: |
|
jsonSmartV2Accessors contains the same code since V2.4.0 so just hard code jsonSmart Accessors version in your maven files. I will try pu push a new copy tomorrow. |
|
Any movement on pushing a 2.4.10 |
|
accessors-smart 2.4.10 is released, I let you close the issue. |
|
accessors-smart 2.4.10 does not seem to be on the Maven repos - see https://mvnrepository.com/artifact/net.minidev/accessors-smart |
|
Exactly, I see version 2.4.10 in this repository but not in maven central (yet?). Is there any ETA please? |
|
That's because json-smart 2.4.10 still has accessors-smart 2.4.9 as dependency. There's no accessors-smart 2.4.10. Could you please update? |
|
V 2.4.11 just released. no more reference to any 2.4.9 version. |
|
Confirmed 2.4.11 is released for both json-smart and smart-accessors and the cve is no longer reporting. Thanks for the update! |
It seems this CVE is being reported only against accessors-smart since the rest are updated with a new version. Is I possible to produce 2.4.10 version of this.
I am not sure why there is individual versions on the different subprojects. It seems a bit unnecessarily complicated. Should just use the same version of all the libraries in this repo.
The text was updated successfully, but these errors were encountered: