Re: [ee4j-pmc] Fwd: Your GitHub security alerts for the week of Oct 23 - Oct 30

Hi Bill,

I am pretty sure that we are not currently watching these alerts. I will add this to the agenda for our PMC meeting next week, so we can figure out how to handle it.
Thanks!

Ivar

On Wed, Oct 31, 2018 at 12:58 AM Bill Shannon <bill.shannon@xxxxxxxxxx> wrote:
Is anyone on the PMC tracking these security alerts?

Shouldn't someone ensure that the EE4J projects are responding to these in a timely manner?

(Obviously ignore the "javaee" entries below.)


-------- Forwarded Message --------
Subject: Your GitHub security alerts for the week of Oct 23 - Oct 30
Date: Tue, 30 Oct 2018 17:36:28 +0000 (UTC)
From: GitHub <noreply@xxxxxxxxxx>
To: Bill Shannon <bill.shannon@xxxxxxxxxx>



GitHub security alerts

GitHub security alert digest

bshannon’s repository security updates from the week of Oct 23 - Oct 30

Java EE organization

Warning!

javaee / metro-jaxws-commons

Known security vulnerabilities detected

Dependency: org.springframework:spring-core
Version: > 3.2.0 < 3.2.15
Upgrade to: ~> 3.2.15
Vulnerabilities
CVE-2015-5211 High severity
CVE-2018-1270 High severity
CVE-2018-1275 High severity
CVE-2015-3192 Moderate severity
CVE-2016-5007 Moderate severity
View 3 more
Defined in pom.xml

Warning!

javaee / javadb

Known security vulnerabilities detected

Dependency: org.apache.axis:axis
Version: <= 1.4
Vulnerabilities
CVE-2014-3596 Moderate severity
CVE-2018-8032 Moderate severity
Defined in pom.xml

--

Java Champion, JCP EC/EG Member, EE4J PMC, JUG Leader

