Closed dobrawek closed 1 year ago
Unlikely to work because ES 5.6 relies on com.vividsolutions.jts
Is it possible to exclude the versions update that are uncertain of and approve the rest?
Specifically, I planned to create a PR to update log4j to 2.17.2 (same version as @dobrawek did), but noticed it's already part of this PR.
This is to resolve these two issues: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
See #620 for the mentioned CVEs. They have been long since resolved.
I've started working with photon - I've updated all dependencies to the lastest and changed usage of com.vividsolutions.jts to org.locationtech.jts that is now a part of latest postgis