Got security warning for JDOM » 2.0.6.1 - CVE-2022-34169 #203
Comments
What do you propose be done?
@hunterhacker I think it is mainly about updating xerces to 2.7.3, which shouldn't be that hard and doing a release in order to please scanners. Probably just a matter of available time :)
Both Xalan and Xerces are optional dependencies for JDom2 so the version used is up to users - and indeed I believe you can replace them with alternative implementations. There are patched versions of xerces ( I'd suggest people check that they are not pulling in optional dependencies due to issues with their build system, and/or remove them if not needed?
There is a Xalan 2.7.3 released in April this year that fixes the mentioned CVE according to https://xalan.apache.org/xalan-j/readme.html#done.
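
One way to act on the two suggestions in the comments above (check whether Xalan and Xerces are actually pulled into the build, and whether Xalan is at 2.7.3): an added example, not code from JDOM or from the commenters, that scans the text output of `mvn dependency:tree`. The sample tree and the function names are constructed for illustration, and no Xerces threshold is applied because the thread does not name a fixed Xerces version.

```python
import re

# Fixed Xalan release named in the thread. Xerces gets no threshold here:
# the page does not say which Xerces versions are patched (assumption: report only).
XALAN_FIXED = (2, 7, 3)
WATCHED = {("xalan", "xalan"), ("xerces", "xercesImpl")}

# A coordinate in `mvn dependency:tree` text output:
# groupId:artifactId:type[:classifier]:version:scope
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+(?::[\w.\-]+)?:([\w.\-]+):(\w+)")

# Constructed sample output, not taken from a real project.
SAMPLE_TREE = "\n".join([
    "[INFO] com.example:app:jar:1.0.0",
    "[INFO] +- org.jdom:jdom2:jar:2.0.6.1:compile",
    "[INFO] +- xalan:xalan:jar:2.7.2:compile",
    "[INFO] |  \\- xalan:serializer:jar:2.7.2:compile",
    "[INFO] \\- xerces:xercesImpl:jar:2.11.0:runtime",
])

def version_tuple(version):
    """Leading numeric components only, e.g. '2.7.3' -> (2, 7, 3)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def audit(tree_text):
    """Return (coordinate, version, scope, status) for each watched artifact found."""
    findings = []
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue  # root line or non-dependency log output
        group, artifact, version, scope = m.groups()
        if (group, artifact) not in WATCHED:
            continue
        if artifact == "xalan":
            fixed = version_tuple(version) >= XALAN_FIXED
            status = "ok" if fixed else "upgrade to 2.7.3"
        else:
            status = "present, check version"
        findings.append((f"{group}:{artifact}", version, scope, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_TREE):
        print(*finding)
```

An empty result means neither artifact is resolved into the build, which is the case the comment about optional dependencies describes.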
Hello Team Hunter hacker,
We are currently using JDOM: 2.0.6.1 and facing a vulnerability warning for CVE-2022-34169 and 4 for the Xerces library.
So can we get a fix for these vulnerabilities?