symphonyoss / symphony-java-client

Java client library for Symphony
Apache License 2.0

SECURITY: Force newer version of javassist #65

Closed pmonks closed 7 years ago

pmonks commented 7 years ago

The version of the javassist library used by the project (an indirect dependency that comes in through the Jersey client) has a serious vulnerability that has been addressed in newer versions. While this can be overridden by downstream consumers of SJC, it would be better if SJC forced a newer version so that downstream consumers don't have to.

Here is an example of how that can be done.
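Added example, not part of the original comment and not the example it links to: one way a Maven-built library can force a patched transitive dependency for its consumers. It assumes SJC is built with Maven and that the artifact is resolved as `org.javassist:javassist`. The version is a placeholder because the issue does not name the fixed release.

```xml
<!-- Fragment of the library's pom.xml (constructed for illustration) -->
<properties>
  <!-- Placeholder: set to the patched javassist release -->
  <javassist.version>REPLACE_WITH_FIXED_VERSION</javassist.version>
</properties>

<dependencies>
  <!-- Declared directly so it reaches downstream consumers: Maven's
       nearest-wins mediation prefers this entry over the deeper copy pulled
       in through the Jersey client. A dependencyManagement entry alone would
       only affect this project's own build, not projects depending on it. -->
  <dependency>
    <groupId>org.javassist</groupId>   <!-- assumed coordinates -->
    <artifactId>javassist</artifactId>
    <version>${javassist.version}</version>
  </dependency>
</dependencies>

<build>
  <plugins>
    <!-- Fails the build if an older javassist is resolved again,
         e.g. after a later dependency upgrade changes the tree. -->
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <executions>
        <execution>
          <id>ban-old-javassist</id>
          <goals><goal>enforce</goal></goals>
          <configuration>
            <rules>
              <bannedDependencies>
                <excludes>
                  <!-- Version range: everything below the patched release -->
                  <exclude>org.javassist:javassist:(,${javassist.version})</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Running `mvn dependency:tree -Dincludes=org.javassist` before and after the change shows which version is actually resolved and confirms the group ID used in the tree.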

pmonks commented 7 years ago

Moving this issue over to symphony-java-api, where it belongs.

pmonks commented 7 years ago

See https://github.com/symphonyoss/symphony-java-api/issues/3