Vulnerabilities reported on the mvnrepository website

javadelight / delight-fileupload

A simple wrapper for Apache Commons FileUpload to use it with Netty and other IO servers

Other

10 stars 3 forks source link

Vulnerabilities reported on the mvnrepository website #9

Open MikeWarren2014 opened 1 year ago

MikeWarren2014 commented 1 year ago

I'm impressed by the simplicity and ease of use of this, and was about to download this, via the mvnrepository website, but faced the following vulnerability warnings :

[ ] CVE-2023-24998
[ ] CVE-2023-24998

Please look into this

MikeWarren2014 commented 1 year ago

UPDATE: I see one of the vulnerabilities fixed on this repository, but not in there...

I wonder if mvnrepository will notice the fix if you update the version...

mxro commented 1 year ago

Thank you for raising this issue!

Indeed the workflow for publishing this to Maven central does currently not exist. Will add it to my to do list to add this along the lines of https://github.com/javadelight/delight-nashorn-sandbox/blob/master/.github/workflows/publish.yml

With that in place, the newest version should always be the published one!

mxro commented 1 year ago

All done - new version 0.0.6 published! And will be easy to publish any changes you propose via PRs to Maven central as well.