Closed rukiataliu closed 1 week ago
In relation to the webcrawler version 3.0.2, both libraries are utilized in Norconex-commons-lang v2. Furthermore, the upcoming web-crawler version 4 will adopt the new Norconex-commons-lang v3.
Despite Norconex-commons-lang v3 (the upcoming webcrawler v4) still employing ICU4j 4.6, it is necessary to mention that the vulnerability associated with version 4.6 pertains to remote access, a feature utilized by neither Norconex-commons-lang v2 nor v3. Consequently, both versions of Norconex-commons-lang are considered safe.
The upgrade from Jackson-databind 2.8.9 to version 2.16.1 is implemented in the new Norconex-commons-lang v3 (upcoming webcrawler v4).
-Ryan Ng
Thanks a lot Ryan! Do you know when this v4 will be available? Thanks

On Feb 26, 2024, at 5:58 PM, Ryan Ng wrote:
> In relation to the webcrawler version 3.0.2, both libraries are utilized in Norconex-commons-lang v2. Furthermore, the upcoming web-crawler version 4 will adopt the new Norconex-commons-lang v3.
> Despite Norconex-commons-lang v3 (the upcoming webcrawler v4) still employing ICU4j 4.6, it is necessary to mention that the vulnerability associated with version 4.6 pertains to remote access, a feature utilized by neither Norconex-commons-lang v2 nor v3. Consequently, both versions of Norconex-commons-lang are considered safe.
> The upgrade from Jackson-databind 2.8.9 to version 2.16.1 is implemented in the new Norconex-commons-lang v3 (upcoming webcrawler v4).
> -Ryan Ng
We don't have a set date for the v4 release yet. Stay updated by subscribing to our website, and following us on Facebook or LinkedIn for the latest updates. Once it's ready, we'll announce it on our public channels.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
We are using Norconex as our webcrawler and we discovered that version 3.0.2 has components with vulnerabilities; please see below.
1) ICU4j 4.6
2) Jackson-databind 2.8.9
Is there a plan to upgrade these components to newer, less vulnerable versions?
Thanks