The current Handlebars dependency used by Wiremock 2.34 uses the Apache.commons.text library, which contains a security vulnerability with ID CVE-2022-42889. Handlebars version 4.3.1 uses the updated version of the Apache library which mitigates this vulnerability.
Wiremock version
2.34.0
What is the issue
Inside the main build.gradle file there is a dependency on Handlebars version 4.3.0. This version uses a vulnerable version of the Apache.commons.text library. Handlebars has a newer version available which uses a non-vulnerable version of the Apache library (issue: jknack/handlebars.java#1009).
What would I like to see
I would like to see the handlebars dependency used by Wiremock updated to version 4.3.1
Apache Commons FileUpload <= 1.4 has this vulnerability. It was fixed in 1.5. link.
It is recommended to update the commons-fileupload component to version 1.5.