jakartaee / jaf-api

Jakarta Activation Specification project
https://jakartaee.github.io/jaf-api/
BSD 3-Clause "New" or "Revised" License

Operational risk identified in Jakarta Activation #141

Closed SOUJANYAPULIGILLA closed 8 months ago

SOUJANYAPULIGILLA commented 1 year ago

We wanted to bring to your attention that during the industry-standard security scan in our frameworks, a potential operational risk was detected in the com.sun.activation:jakarta.activation:2.0.1 library. To mitigate this risk, we are actively investigating the issue and working on identifying a newer version of com.sun.activation:jakarta.activation that addresses the identified security concern, and we also need some info on jakarta.activation-api. Are the jakarta.activation-api (https://mvnrepository.com/artifact/jakarta.activation/jakarta.activation-api/2.1.2 ) and jakarta.activation (https://mvnrepository.com/artifact/com.sun.activation/jakarta.activation/2.0.1 ) dependencies the same? Our priority is to ensure the security and reliability of our software. We request you to please provide a newer, vulnerability-free version of the 'Jakarta Activation' library, or please let us know if both dependencies are the same and whether we need to move to Jakarta Activation API.

lukasj commented 8 months ago

Are the jakarta.activation-api (https://mvnrepository.com/artifact/jakarta.activation/jakarta.activation-api/2.1.2 ) and jakarta.activation (https://mvnrepository.com/artifact/com.sun.activation/jakarta.activation/2.0.1 ) dependencies the same?

To move from com.sun.activation:jakarta.activation:2.0.1 to a newer version, you have to use jakarta.activation:jakarta.activation-api:2.1.2 with org.eclipse.angus:angus-activation:2.0.1.
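The migration lukasj describes, written out as a Maven dependency change. This is an added example, not code from the jaf-api project or from either commenter; the artifact coordinates and versions are the ones named in the thread, the `runtime` scope for the Angus implementation is an assumption (an application usually compiles only against the API), and the `mvn dependency:tree` check in the trailing comment is the standard Maven Dependency Plugin goal, not something the issue itself prescribes.

```xml
<!-- BEFORE: single artifact that bundles API and implementation;
     this is the coordinate the security scan flagged. -->
<dependency>
    <groupId>com.sun.activation</groupId>
    <artifactId>jakarta.activation</artifactId>
    <version>2.0.1</version>
</dependency>

<!-- AFTER: split into the Jakarta Activation API plus the Angus
     implementation, per the maintainer's answer in this issue. -->
<dependency>
    <groupId>jakarta.activation</groupId>
    <artifactId>jakarta.activation-api</artifactId>
    <version>2.1.2</version>
</dependency>
<dependency>
    <groupId>org.eclipse.angus</groupId>
    <artifactId>angus-activation</artifactId>
    <version>2.0.1</version>
    <!-- Assumption: the implementation is only needed at run time;
         drop the scope if your build compiles against Angus classes directly. -->
    <scope>runtime</scope>
</dependency>

<!-- After the change, confirm nothing still pulls the old artifact in
     transitively (otherwise the scanner will keep reporting it):
       mvn dependency:tree -Dincludes=com.sun.activation
     An empty result for that group id means the migration is complete;
     if a third-party dependency still brings it in, add an <exclusions>
     block on that dependency for com.sun.activation:jakarta.activation. -->
```

The tree check matters because a scanner reports whatever lands on the classpath, so replacing only the direct dependency is not enough if another library still declares the old coordinate.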