Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Latest version contains vulnerability from jackson-* libraries #2843

Closed
saravr opened this issue Feb 3, 2023 · 1 comment
Closed

Latest version contains vulnerability from jackson-* libraries #2843

saravr opened this issue Feb 3, 2023 · 1 comment
Labels
bug

Comments

@saravr
Copy link

saravr commented Feb 3, 2023

Describe the bug
Plugin 1.7.20 raises vulnerability https://www.mend.io/vulnerability-database/CVE-2022-42004

Expected behaviour
No vulnerability reported.

Screenshots
N/A

To Reproduce
Build the library with this plugin added.

Dokka configuration

Installation

  • Operating system: Android
  • Build tool: Gradle v7.3.3
  • Dokka version: 1.7.20

Are you willing to provide a PR?
Providing a PR can drastically speed up the process of fixing this bug
@saravr saravr added the bug label Feb 3, 2023
@IgnatBeresnev
Copy link
Member

IgnatBeresnev commented Feb 23, 2023
edited

Thanks for the report! The vulnerability was addressed in #2733 (it fixes both vulnerabilities, mvnrepository reports none for the used version), so it will be fixed with the next release, which is quite close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@saravr @IgnatBeresnev