You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We consume org.jdom:jdom2-2.0.6.1.jar. This version of the library is not vulnerable to CVE-2021-33813. (I went through the related issue #189).
The Implementation-Version value found in MANIFEST.MF file inside the 2.0.6.1 jar is 2.x-2021.11.08.17.25.
Due to the above mismatch in jar version and the implementation-version field inside MANIFEST.MF file, scanners are unable to determine right version of this jar and continue to flag it for the above CVE.
Expectation: The version should be consistent so as to avoid any such inconveniences.
The text was updated successfully, but these errors were encountered:
Just tried to build it with a little change in build.xml and confirmed that it would fix this problem. I'm afraid 2.0.6.1 is already released, so this would require a new build and push to maven central, perhaps using version 2.0.6.2.
We consume org.jdom:jdom2-2.0.6.1.jar. This version of the library is not vulnerable to CVE-2021-33813. (I went through the related issue #189).
The Implementation-Version value found in MANIFEST.MF file inside the 2.0.6.1 jar is
2.x-2021.11.08.17.25
.Due to the above mismatch in jar version and the implementation-version field inside MANIFEST.MF file, scanners are unable to determine right version of this jar and continue to flag it for the above CVE.
Expectation: The version should be consistent so as to avoid any such inconveniences.
The text was updated successfully, but these errors were encountered: