jfrog / build-info

Artifactory's open integration layer for CI build servers
https://www.buildinfo.org
Apache License 2.0
145 stars 154 forks

Upgrade commons compress to latest owing to CVE-2023-42503 #756

Closed: gregallen closed 9 months ago

gregallen commented 10 months ago

Describe the bug: Users of library flagged as vulnerable by security scanners owing to transitive dep

Expected behavior: Should not be vulnerable

gregallen commented 10 months ago

See https://nvd.nist.gov/vuln/detail/CVE-2023-42503

gregallen commented 10 months ago

Fixed by #760