You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The POM file already has version 0.12.0 specified before Jena dependency. For some reason, 0.10.0 is still being included in the executables. Perhaps someone more familiar with POM files could take a look and see what the issue is and provide a PR to fix.
The current version used by Jena ARQ is 0.10.0 which has a medium severity CVE-2018-11798.
Although likely does not pose a threat to the current usage of libthrift within the SPDX tools, it should be upgraded to remove the vulnerability.
The text was updated successfully, but these errors were encountered: