gchq / stroom

Stroom is a highly scalable data storage, processing and analysis platform.
https://gchq.github.io/stroom-docs/
Apache License 2.0

CVE-2022-42889 in apache commons-text #3078

Open at055612 opened 1 year ago

at055612 commented 1 year ago

v1.5 - v1.9 (inclusive) of apache commons-text have a vulnerability. Need to upgrade to v1.10.0. Note dropwizard 1.3.29, which 7.0 uses, pulls in commons-text 1.9. In 7.1 we can likely fix this by upgrading dropwizard to a patched version.

at055612 commented 1 year ago

Fixed on the 7.0 branch in >7.0.5

at055612 commented 1 year ago

Still need to make sure 7.1 is ok, i.e. by uplifting DW to the latest version and making sure commons-text is >1.9
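One way to make the "commons-text is >1.9" check repeatable is to scan the resolved dependency tree for any commons-text node still in the v1.5 - v1.9 range and report what pulls it in. This is an added example, not code from the Stroom project or from this thread; it assumes Gradle-style `dependencies` text output, and the function names and both sample trees are constructed for illustration.

```python
import re

# Affected range stated in the issue: commons-text v1.5 - v1.9 inclusive.
TARGET = "org.apache.commons:commons-text"
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)
# One tree node: 5-character indent units, then "+--- " or "\--- ", then the label.
NODE = re.compile(r"^((?:[| ] {4})*)[+\\]--- (.+)$")

def is_affected(version):
    """Compare major.minor numerically, so 1.10.0 does not sort below 1.9."""
    major_minor = tuple(int(n) for n in re.findall(r"\d+", version))[:2]
    return AFFECTED_MIN <= major_minor <= AFFECTED_MAX

def find_affected(tree_text):
    """Return [(resolved_version, [ancestors])] for each affected commons-text node."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        depth = len(m.group(1)) // 5
        label = re.sub(r" \([*cn]\)$", "", m.group(2).strip())
        declared, _, resolved = label.partition(" -> ")
        del stack[depth:]          # drop siblings and deeper nodes
        stack.append(declared)
        if declared == TARGET or declared.startswith(TARGET + ":"):
            version = resolved or declared.rpartition(":")[2]
            if is_affected(version):
                hits.append((version, stack[:-1]))
    return hits

# Constructed sample trees (not real Stroom build output).
BEFORE = r"""
+--- io.dropwizard:dropwizard-core:1.3.29
|    +--- io.dropwizard:dropwizard-util:1.3.29
|    \--- org.apache.commons:commons-text:1.9
\--- org.apache.commons:commons-lang3:3.12.0
"""
AFTER = r"""
+--- io.dropwizard:dropwizard-core:1.3.29
|    +--- io.dropwizard:dropwizard-util:1.3.29
|    \--- org.apache.commons:commons-text:1.9 -> 1.10.0
\--- org.apache.commons:commons-text:1.10.0 (c)
"""

if __name__ == "__main__":
    for name, tree in (("before", BEFORE), ("after", AFTER)):
        for version, path in find_affected(tree):
            print(f"{name}: commons-text {version} via {' > '.join(path)}")
        print(f"{name}: {len(find_affected(tree))} affected node(s)")
```

The check reads the resolved version (the right-hand side of `->`), so a transitive request for 1.9 that a constraint lifts to 1.10.0 is not flagged.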