Vulnerability requires update of commons-configuration2 to 2.9.0

stoicflame / enunciate

Build-time enhancement tool for Java-based Web services projects

http://enunciate.webcohesion.com/

Other

480 stars 201 forks source link

Vulnerability requires update of commons-configuration2 to 2.9.0 #1172

Closed bwlewis72 closed 1 year ago

bwlewis72 commented 1 year ago

Version 2.15.1 uses commons-configuration2 version 2.8.0 which uses Commons-text version 1.9 which is vulnerable to Apache text4shell. It is a high severity vulnerability.

You need to update the commons-configuration2 to version 2.9.0 to resolve this issue.

bwlewis72 commented 1 year ago

Thanks for adding it to the next build. Do you have a generic goal for releasing 2.16.0?

stoicflame commented 1 year ago

Enunciate 2.16.1 has been released.