BrunoBonacci / lein-binplus

A Leiningen plugin for producing standalone console executables that work on OS X, Linux, and Windows.

updated me.raynes/fs to latest version 1.4.6 #1

Closed andywokr closed 8 years ago

andywokr commented 8 years ago

Justification

me.raynes/fs 1.4.0 contains a dependency on org.apache.commons/commons-compress 1.3. This version of the library contains a known vulnerability.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098

Since the vulnerability isn't present in the generated binary, the security issue is minor, but it causes us some grief because it shows up on a vulnerability scan, which complicates security audits.

PR Details

I have updated project.clj and executed the plugin for one of our projects. Everything worked fine for me.
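Added example (not part of the comment above and not code from lein-binplus): a small Python helper that traces which direct dependency pulls in a scanner-flagged artifact, as with me.raynes/fs 1.4.0 and commons-compress 1.3 here. The tree text is a constructed sample in the shape of `lein deps :tree` output, the org.clojure/clojure line is a constructed filler entry, and `paths_to` is a hypothetical name.

```python
import re

# Constructed sample shaped like `lein deps :tree` output (assumed format:
# one bracketed coordinate per line, nesting shown by indentation).
SAMPLE_TREE = """\
 [me.raynes/fs "1.4.0"]
   [org.apache.commons/commons-compress "1.3"]
 [org.clojure/clojure "1.8.0"]
"""

# Leading whitespace, then [group/artifact "version" ...
COORD = re.compile(r'^(\s*)\[([^\s\]]+)\s+"([^"]+)"')


def paths_to(tree_text, artifact, version):
    """Return every dependency chain (root first) that ends at artifact/version."""
    stack = []  # (indent, "artifact version") entries for the current chain
    hits = []
    for line in tree_text.splitlines():
        m = COORD.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a coordinate
        indent, name, ver = len(m.group(1)), m.group(2), m.group(3)
        # Drop siblings and deeper nodes so only this line's ancestors remain.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, f"{name} {ver}"))
        if name == artifact and ver == version:
            hits.append([label for _, label in stack])
    return hits


if __name__ == "__main__":
    flagged = ("org.apache.commons/commons-compress", "1.3")
    for chain in paths_to(SAMPLE_TREE, *flagged):
        # The first element is the direct dependency to upgrade or exclude.
        print(" -> ".join(chain))
```
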

BrunoBonacci commented 8 years ago

Thanks Andy, I will review/merge this PR during this weekend.

BrunoBonacci commented 8 years ago

Merged, thanks. Released with 0.4.2.