johncarl81 / parceler

:package: Android Parcelables made easy through code generation.
http://parceler.org
Apache License 2.0

Facing Vulnerabilities in parceler library #384

Open KaviIDPal opened 4 years ago

KaviIDPal commented 4 years ago

While using annotationProcessor, there are 5 vulnerabilities found in CRITICAL.

Below are the library versions we used:

implementation 'org.parceler:parceler-api:1.1.13'
annotationProcessor 'org.parceler:parceler:1.1.13'

Vulnerabilities ID:

parceler-1.1.13.jar (shaded: commons-beanutils:commons-beanutils:1.9.2)
parceler-1.1.13.jar (shaded: commons-collections:commons-collections:3.2.1)

I have already raised a ticket. In this ticket you mentioned that it has been fixed, but it was not reflected in our codebase. Is this change tagged to master? Or please give some pointers to avoid this vulnerability. Thanks

Previous ticket link: https://github.com/johncarl81/parceler/issues/383

johncarl81 commented 4 years ago

It's fixed, just not pushed to maven central under a release.
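
One way to check whether a given jar still bundles the flagged libraries, as an added example that is not part of the original thread or the parceler project: it lists the Maven coordinates recorded under META-INF/maven/ inside a jar. It assumes the shaded dependencies kept their pom.properties files; the sample jar is constructed in memory from the coordinates quoted in the issue and is not the real artifact.

```python
import io
import sys
import zipfile

def build_sample_jar() -> bytes:
    """Constructed sample jar (not the real parceler artifact) carrying Maven metadata."""
    entries = {  # coordinates taken from the scanner output quoted in the issue
        "org.parceler/parceler": "1.1.13",
        "commons-beanutils/commons-beanutils": "1.9.2",
        "commons-collections/commons-collections": "3.2.1",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for path, version in entries.items():
            group, artifact = path.split("/")
            jar.writestr(f"META-INF/maven/{path}/pom.properties",
                         f"#Generated by Maven\nversion={version}\n"
                         f"groupId={group}\nartifactId={artifact}\n")
    return buf.getvalue()

def parse_properties(text: str) -> dict:
    """Minimal .properties reader: key=value lines, '#' and '!' comments skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def embedded_coordinates(jar) -> list:
    """Sorted (groupId, artifactId, version) for each pom.properties in a jar (path or bytes)."""
    source = io.BytesIO(jar) if isinstance(jar, bytes) else jar
    found = set()
    with zipfile.ZipFile(source) as zf:
        for name in zf.namelist():
            if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
                p = parse_properties(zf.read(name).decode("utf-8", "replace"))
                found.add((p.get("groupId", "?"), p.get("artifactId", "?"), p.get("version", "?")))
    return sorted(found)

def shaded_coordinates(jar, own=("org.parceler", "parceler")) -> list:
    """Everything embedded in the jar except the artifact's own coordinates."""
    return [c for c in embedded_coordinates(jar) if c[:2] != own]

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_jar()
    for group, artifact, version in shaded_coordinates(target):
        print(f"shaded: {group}:{artifact}:{version}")
```

Pass the path of a jar from the Gradle cache as the first argument to inspect a real artifact. An empty result does not prove the classes are absent, because a shading configuration can strip META-INF/maven while keeping the relocated classes.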