Vulnerable dependency xmlrpc-common-3.1.3.jar: CVE-2016-5002

[concernedrat]

A quick security check on the dependencies thrown a high (CVSS >= 8) for xmlrpc-common.

I will submit a patch (major update) to this project to swap the xmlrpc client for a non-vulnerable xmlrpc client

[concernedrat]

Planning to use this lib:

https://github.com/gturri/aXMLRPC

Any suggestions are greatly appreciated.

[flotho]

Hi @georgerb , Thanks for your proposal. This point has been pointed out by Pentaho Team https://github.com/DeBortoliWines/openerp-java-api/issues/43 . So great idea.