jfrog / build-info

Artifactory's open integration layer for CI build servers
https://www.buildinfo.org
Apache License 2.0

[CVE-2015-3253] Artifactory Maven Plugin 2.6.1 #206

Closed mmurdockk closed 3 years ago

mmurdockk commented 5 years ago

Hi JFrog,

When using the artifactory-maven-plugin:2.6.1, Xray analysis finds a CVE in the generated jar.

It's probably due to the dependency build-info-extractor-maven3 that includes groovy-all:2.1.6, that includes commons-cli:1.2...

Can you please fix this?

Thanks!

RobiNino commented 5 years ago

Hi @Modzful, we just released artifactory-maven-plugin:2.7.0, which is vulnerability-free. Thanks for reporting this issue!
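
An added example, not part of the thread and not JFrog code: a checker that walks a dependency tree in the text layout `mvn dependency:tree` prints and reports the path to any Groovy artifact in the CVE-2015-3253 range (Apache Groovy 1.7.0 through 2.4.3), which is how a transitive inclusion like the one reported above surfaces. The sample tree is constructed from the chain the reporter describes; `X.Y.Z` and `com.example:unrelated-lib` are placeholders.

```python
import re

# CVE-2015-3253 affects Apache Groovy 1.7.0 through 2.4.3 (fixed in 2.4.4).
GROOVY_ARTIFACTS = {"groovy", "groovy-all"}
FIRST_AFFECTED, LAST_AFFECTED = (1, 7, 0), (2, 4, 3)

# Constructed sample in the layout `mvn dependency:tree` prints. X.Y.Z is a
# placeholder (the thread gives no extractor version); com.example is made up.
SAMPLE_TREE = r"""org.jfrog.buildinfo:artifactory-maven-plugin:maven-plugin:2.6.1
+- org.jfrog.buildinfo:build-info-extractor-maven3:jar:X.Y.Z:compile
|  \- org.codehaus.groovy:groovy-all:jar:2.1.6:compile
|     \- commons-cli:commons-cli:jar:1.2:compile
\- com.example:unrelated-lib:jar:1.0.0:compile
"""

# Optional "[INFO] " prefix, tree-drawing characters, then the coordinates.
LINE = re.compile(r"^(?:\[INFO\] )?([|+\\\- ]*)(\S+)$")


def parse_version(text):
    """Return (major, minor, patch), or None for non-numeric versions."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def find_affected(tree_text):
    """Return the root-to-leaf path of every Groovy artifact in the CVE range."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line.rstrip())
        parts = m.group(2).split(":") if m else []
        if len(parts) < 4:
            continue  # not a coordinate line
        # group:artifact:type:version[:scope], or with a classifier before version
        version = parts[4] if len(parts) >= 6 else parts[3]
        depth = len(m.group(1)) // 3  # each tree level indents by 3 characters
        del stack[depth:]
        stack.append(f"{parts[0]}:{parts[1]}:{version}")
        parsed = parse_version(version)
        if (parts[1] in GROOVY_ARTIFACTS and parsed
                and FIRST_AFFECTED <= parsed <= LAST_AFFECTED):
            hits.append(list(stack))
    return hits


if __name__ == "__main__":
    for path in find_affected(SAMPLE_TREE):
        print(" -> ".join(path))
```
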