-
-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Accessors-smart is being reported against CVE-2023-1370 #141
Comments
In regards to issue: netplex#141
Accessors-smart itself is not concerned by CVE-2023-1370 I can bump the project version, but the code will remain the same. |
Yes. that is true. It would nice to keep the versions consistent. I typically have my version variables associated to the GitHub repos and when they vary, it's a bit annoying to have to create a new variable. In this instant I have two variables: |
jsonSmartV2Accessors contains the same code since V2.4.0 so just hard code jsonSmart Accessors version in your maven files. I will try pu push a new copy tomorrow. |
Any movement on pushing a 2.4.10 |
accessors-smart 2.4.10 is released, I let you close the issue. |
accessors-smart 2.4.10 does not seem to be on the Maven repos - see https://mvnrepository.com/artifact/net.minidev/accessors-smart |
Exactly, I see version 2.4.10 in this repository but not in maven central (yet?). Is there any ETA please? |
That's because json-smart 2.4.10 still has accessors-smart 2.4.9 as dependency. There's no accessors-smart 2.4.10. Could you please update? |
V 2.4.11 just released. no more reference to any 2.4.9 version. |
Confirmed 2.4.11 is released for both json-smart and smart-accessors and the cve is no longer reporting. Thanks for the update! |
It seems this CVE is being reported only against accessors-smart since the rest are updated with a new version. Is I possible to produce 2.4.10 version of this.
I am not sure why there is individual versions on the different subprojects. It seems a bit unnecessarily complicated. Should just use the same version of all the libraries in this repo.
The text was updated successfully, but these errors were encountered: