igorroman777 commented on PR #421:
URL: https://github.com/apache/maven-dependency-plugin/pull/421#issuecomment-2210332993
We are facing a CVE-2020-10683 vulnerability in dom4j:

```
org.apache.maven.plugins:maven-dependency-plugin:jar:3.7.1
[DEBUG] org.apache.maven.doxia:doxia-sink-api:jar:1.12.0:compile
[DEBUG] org.apache.maven.doxia:doxia-logging-api:jar:1.12.0:compile
[DEBUG] org.apache.maven.reporting:maven-reporting-api:jar:3.1.1:compile
[DEBUG] org.apache.maven.reporting:maven-reporting-impl:jar:3.2.0:compile
[DEBUG] org.apache.maven.doxia:doxia-decoration-model:jar:1.11.1:compile
[DEBUG] org.apache.maven.doxia:doxia-core:jar:1.11.1:compile
[DEBUG] org.apache.commons:commons-lang3:jar:3.8.1:compile
[DEBUG] org.apache.commons:commons-text:jar:1.12.0:compile (version managed from default)
[DEBUG] org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[DEBUG] commons-logging:commons-logging:jar:1.2:compile
[DEBUG] org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[DEBUG] org.apache.maven.doxia:doxia-integration-tools:jar:1.11.1:compile
[DEBUG] org.codehaus.plexus:plexus-interpolation:jar:1.26:compile
[DEBUG] org.apache.maven.doxia:doxia-site-renderer:jar:1.11.1:compile
[DEBUG] org.apache.maven.doxia:doxia-skin-model:jar:1.11.1:compile
[DEBUG] org.apache.maven.doxia:doxia-module-xhtml:jar:1.11.1:compile
[DEBUG] org.apache.maven.doxia:doxia-module-xhtml5:jar:1.11.1:compile
[DEBUG] org.codehaus.plexus:plexus-velocity:jar:1.2:compile
[DEBUG] org.apache.velocity:velocity:jar:1.7:compile
[DEBUG] commons-lang:commons-lang:jar:2.4:compile
[DEBUG] org.apache.velocity:velocity-tools:jar:2.0:compile
[DEBUG] commons-beanutils:commons-beanutils:jar:1.7.0:compile
[DEBUG] commons-digester:commons-digester:jar:1.8:compile
[DEBUG] commons-chain:commons-chain:jar:1.1:compile
[DEBUG] dom4j:dom4j:jar:1.1:compile
[DEBUG] oro:oro:jar:2.0.8:compile
[DEBUG] commons-collections:commons-collections:jar:3.2.2:compile
[DEBUG] org.codehaus.plexus:plexus-archiver:jar:4.9.2:compile
[DEBUG] javax.inject:javax.inject:jar:1:compile
[DEBUG] commons-io:commons-io:jar:2.15.1:compile
[DEBUG] org.apache.commons:commons-compress:jar:1.26.1:compile
[DEBUG] commons-codec:commons-codec:jar:1.16.1:compile
[DEBUG] org.iq80.snappy:snappy:jar:0.4:compile
[DEBUG] org.tukaani:xz:jar:1.9:runtime
[DEBUG] com.github.luben:zstd-jni:jar:1.5.5-11:runtime
[DEBUG] org.codehaus.plexus:plexus-utils:jar:4.0.1:compile
[DEBUG] org.codehaus.plexus:plexus-xml:jar:3.0.0:compile
[DEBUG] org.codehaus.plexus:plexus-io:jar:3.4.2:compile
[DEBUG] org.codehaus.plexus:plexus-i18n:jar:1.0-beta-10:compile
[DEBUG] org.apache.maven.shared:maven-dependency-analyzer:jar:1.14.1:compile
[DEBUG] org.ow2.asm:asm:jar:9.7:compile
[DEBUG] org.apache.maven.shared:maven-dependency-tree:jar:3.3.0:compile
[DEBUG] org.apache.maven.shared:maven-common-artifact-filters:jar:3.4.0:compile
[DEBUG] org.apache.maven.shared:maven-artifact-transfer:jar:0.13.1:compile
[DEBUG] org.codehaus.plexus:plexus-component-annotations:jar:2.0.0:compile
[DEBUG] org.apache.maven.shared:maven-shared-utils:jar:3.4.2:compile
[DEBUG] org.apache.maven.resolver:maven-resolver-util:jar:1.4.1:compile
[DEBUG] org.apache.maven.resolver:maven-resolver-api:jar:1.4.1:compile
[DEBUG] org.sonatype.plexus:plexus-build-api:jar:0.0.7:compile
[DEBUG] org.slf4j:slf4j-api:jar:1.7.36:compile
```