Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exposed to vulnerabilities ? #20

Closed
ikus060 opened this issue Feb 7, 2022 · 1 comment
Closed

Exposed to vulnerabilities ? #20

ikus060 opened this issue Feb 7, 2022 · 1 comment

Comments

@ikus060
Copy link

ikus060 commented Feb 7, 2022

See https://mvnrepository.com/artifact/org.soulwing.snmp/tnm4j/1.1.1
image
@ceharris
Copy link
Member

ceharris commented Feb 8, 2022
edited
Loading

If you look at pom.xml you'll see that the CVEs you mention apply to libraries that are not required to use the library itself. One of the CVEs applies to JUnit which is used when running unit tests, the other is used when running the demos. Neither of them need to be on the runtime class path. If, in using the library, you want to use logback, you could use any later version, since Tnm4j integrates logging through slf4j rather than using logback directly.

That said, neither of these vulnerabilities is particularly difficult to fix (just version bumps to later versions). I just updated master to use a later version of the parent POM which should version bump those dependencies to versions that aren't vulnerable to those CVEs.

@ceharris ceharris closed this as completed Feb 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ikus060 @ceharris