Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.9.2
-
None
-
None
Description
According to X-Ray scanning of our dependencies, the current version of the maven avro plugin is due to the old plexus-utils version vulnerable to CVE-2017-1000487 and https://github.com/codehaus-plexus/plexus-utils/issues/3
Both have a high severity and can be solved by upgrading plexus-utils to > 3.0.23.
Could you please consider this in a potential new version?
Thanks
Attachments
Issue Links
- is related to
-
AVRO-2710 Upgrade Avro Maven Plugin to 3.X
- Closed
- links to