Closed gakhrejah closed 5 years ago
JARS in which vulnerabilities are fixed
bcprov-jdk15on-1.61.jar commons-collections4-4.2.jar
Can you please let us know how we can update the pre-existing jar in the gradle package, i.e. gradle-5.1.1-all.zip?
NOTE: I want the jar to be updated in the gradle package inside the lib folder.
Please let me know if you need any other info.
Issue moved to gradle/gradle #8857 via ZenHub
The gradle/gradle-native board is for native (C++, Swift, etc) only issues. Please use gradle/gradle issue tracker for all other issues instead.
Hi Team,
I am using Gradle version 5.1.1 to compile my Spring Boot applications in a Docker container. I am using JFROG as an artifactory to store all the artifacts. It runs a JFROG artifact scan, which is causing the issue. Gradle 5.1.1 comes with a common-collection-3.2.2.jar in the lib folder and bcprov-jdk15on-1.60.jar in the lib/plugin folder. These JARs are causing the JFROG XRAY issue. These are vulnerabilities which are causing my build to fail.
Expected Behavior
XRAY scan should pass
Current Behavior
XRAY scan is failing with the vulnerabilities attached
Context
Can you please let me know: 1) Is there any way we can upgrade these 2 jars in gradle-5.1.1? 2) I have tried directly replacing the jar with the upgraded version, but then it is not able to compile my code.
Please let me know, as this issue is a blocker. Please let me know if you require any other info.
XRAY-SCAN-LOGS.txt for us