Open at055612 opened 1 year ago
v1.5 - v1.9 (inclusive) of apache commons-text have a vulnerability. Need to upgrade to v1.10.0. Note dropwizard 1.3.29 which 7.0 uses pulls in commons-text 1.9. In 7.1 we can likely fix this by upgrading dropwizard to a patched vesion.
Fixed on the 7.0 branch in >7.0.5
Still need to make sure 7.1 is ok, i.e by uplifting DW to the latest version and making sure commons-text is >1.9
v1.5 - v1.9 (inclusive) of apache commons-text have a vulnerability. Need to upgrade to v1.10.0. Note dropwizard 1.3.29 which 7.0 uses pulls in commons-text 1.9. In 7.1 we can likely fix this by upgrading dropwizard to a patched vesion.