Patched versions of core(-jakarta) not available in maven central repository

veraPDF / veraPDF-library

Industry supported, open source PDF/A validation library

http://verapdf.org/software

GNU General Public License v3.0

268 stars 48 forks source link

Patched versions of core(-jakarta) not available in maven central repository #1433

Closed mum-viadee closed 4 months ago

mum-viadee commented 4 months ago

Hi,

we are using verapdf-validation for some of our units tests. Our dependency scanner marks core and core-jakarta in version 1.24.1 as vulnerable dependencies due to CVE-2024-28109.

In the description of the vulnerability it says that version 1.24.2 has been patched. I can see the release in your github repository, but I dont find the released libraries in maven central. Am I missing something?

Regards, Martin

bdoubrov commented 4 months ago

@mum-viadee thanks for reporting this. Checking what might have gone wrong.

bdoubrov commented 4 months ago

This has to be resolved by now. Please reopen it if this is still an issue