[ https://issues.apache.org/jira/browse/ARCHETYPE-567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrico Olivelli reassigned ARCHETYPE-567: ----------------------------------------- Assignee: Enrico Olivelli > Update to dom4j 2.1.1 and require Java 8 > ----------------------------------------- > > Key: ARCHETYPE-567 > URL: https://issues.apache.org/jira/browse/ARCHETYPE-567 > Project: Maven Archetype > Issue Type: Bug > Affects Versions: 3.1.0 > Reporter: Tony Homer > Assignee: Enrico Olivelli > Priority: Major > Fix For: 3.1.1 > > Time Spent: 20m > Remaining Estimate: 0h > > Maven archetype currently uses dom4j 1.6.1 which is vulnerable to > [CVE-2018-1000632|https://nvd.nist.gov/vuln/detail/CVE-2018-1000632]. > Upgrade to 2.1.1, which is the only released version of dom4j not vulnerable > to CVE-2018-1000632. -- This message was sent by Atlassian JIRA (v7.6.3#76005)