Skip to content
This repository has been archived by the owner on Jan 19, 2024. It is now read-only.

Please consider upgrading three dependencies to mitigate several known CVEs #100

Open
sethb3214 opened this issue Oct 8, 2018 · 0 comments
Open

Please consider upgrading three dependencies to mitigate several known CVEs #100

sethb3214 opened this issue Oct 8, 2018 · 0 comments

Comments

@sethb3214
Copy link

Dependency vulnerability analysis shows that there are three dependencies in this project that appear to contain known CVEs. The dependencies are

  • bcprov-jdk15on-1.51.jar
  • cxf-rt-transports-http-3.1.2.jar
  • cxf-rt-ws-security-3.1.2.jar

Here are the Bouncy Castle CVEs:

Here are the Apache CXF Transport CVEs:

Here is the WS Security CVE:

While these libraries don't appear to be used by the Java FuelSDK, is it possible to upgrade these dependencies to a more secure version?
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sethb3214