Kotlin / kotlinx.html

Kotlin DSL for HTML
Apache License 2.0

There is a vulnerability in jackson-databind:2.10.1, upgrade recommended #205

Closed QiAnXinCodeSafe closed 1 year ago

QiAnXinCodeSafe commented 1 year ago

https://github.com/Kotlin/kotlinx.html/blob/3466e6f40ce242e4dfacdadd65571abd2385bb58/build.gradle.kts#L204

CVE-2020-25649 CVE-2022-42004 CVE-2022-42003 CVE-2020-36518

Recommended upgrade version: 2.12.7.1

severn-everett commented 1 year ago

Is this dependency necessary? I couldn't find any references to Jackson in the code and was able to execute the tests in jvmTest successfully with the Jackson dependencies removed in my PR.

severn-everett commented 1 year ago

The dependency has been removed in this commit. @e5l who would be able to close this issue?

e5l commented 1 year ago

Thanks, closed
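The project resolved this by dropping the unused dependency. Where jackson-databind cannot simply be removed, the equivalent defensive change in a Gradle Kotlin DSL build is to raise the transitive floor to the recommended 2.12.7.1 and fail the build if anything older still resolves. The following build.gradle.kts fragment is an added example, not the kotlinx.html build script; the configuration name `jvmMainImplementation` and the task name `verifyJacksonDatabind` are assumptions, and the coordinates, CVE ids and version floor are taken from the issue above.

```kotlin
// build.gradle.kts fragment (added example, not the project's own build script).
// Coordinates, CVE ids and the 2.12.7.1 floor come from the issue above;
// the configuration name and task name are assumptions.
val jacksonGroup = "com.fasterxml.jackson.core"
val jacksonArtifact = "jackson-databind"
val jacksonMinimum = "2.12.7.1"

// Numeric dot-separated comparison, so 2.10.1 < 2.12.7.1 and 2.13.0 > 2.12.7.1.
fun compareVersions(a: String, b: String): Int {
    val pa = a.split('.').map { it.toIntOrNull() ?: 0 }
    val pb = b.split('.').map { it.toIntOrNull() ?: 0 }
    for (i in 0 until maxOf(pa.size, pb.size)) {
        val d = pa.getOrElse(i) { 0 } - pb.getOrElse(i) { 0 }
        if (d != 0) return d
    }
    return 0
}

dependencies {
    constraints {
        // Lift any transitive jackson-databind to the patched release.
        // "jvmMainImplementation" is assumed; use the configuration that
        // actually pulls Jackson in (plain JVM projects use "implementation").
        add("jvmMainImplementation", "$jacksonGroup:$jacksonArtifact:$jacksonMinimum") {
            because("CVE-2020-25649, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004")
        }
    }
}

// Fail the build if an unpatched jackson-databind still resolves in any
// resolvable configuration. Lenient resolution is used so that unrelated
// resolution problems in other configurations do not mask the check.
tasks.register("verifyJacksonDatabind") {
    doLast {
        val offenders = configurations
            .filter { it.isCanBeResolved }
            .flatMap { cfg ->
                cfg.resolvedConfiguration.lenientConfiguration.allModuleDependencies
            }
            .filter { it.moduleGroup == jacksonGroup && it.moduleName == jacksonArtifact }
            .filter { compareVersions(it.moduleVersion, jacksonMinimum) < 0 }
            .map { "${it.moduleGroup}:${it.moduleName}:${it.moduleVersion}" }
            .distinct()
        check(offenders.isEmpty()) {
            "Unpatched jackson-databind resolved: ${offenders.joinToString()}"
        }
    }
}
```

Run `./gradlew verifyJacksonDatabind` (or wire the task into `check`) to confirm that no configuration still resolves a jackson-databind below the floor.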