[ 
https://issues.apache.org/jira/browse/MSHARED-1450?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

jycr updated MSHARED-1450:
--------------------------
    Description: 
The latest current version of [maven-shared-utils 
3.4.2|https://github.com/apache/maven-shared-utils/releases/tag/maven-shared-utils-3.4.2]
 (released on May 15, 2023) is vulnerable to 
[CVE-2024-47554|https://ossindex.sonatype.org/vulnerability/CVE-2024-47554].

Commit [14d655b 
|https://github.com/apache/maven-shared-utils/commit/14d655bd34a310761f395d83eeae644092cd5c5f]
 was added to fix this issue in the {{main}} branch on Mar 30, 2024.

Can you create a new version of {{file-management}} that includes this commit 
to fix this CVE?

  was:
The latest current version of [file-management 
3.1.0|https://github.com/apache/maven-file-management/releases/tag/file-management-3.1.0]
 (released on August 15, 2023) is vulnerable to 
[CVE-2024-47554|https://ossindex.sonatype.org/vulnerability/CVE-2024-47554].

Commit 
[0176d64|https://github.com/apache/maven-file-management/commit/0176d645c3051f5617ab8889a0dd5db76d816e82]
 was added to fix this issue in the {{main}} branch on April 16, 2024.

Can you create a new version of {{file-management}} that includes this commit 
to fix this CVE?


> Make release of 'maven-shared-utils' to fix CVE-2024-47554
> ----------------------------------------------------------
>
>                 Key: MSHARED-1450
>                 URL: https://issues.apache.org/jira/browse/MSHARED-1450
>             Project: Maven Shared Components
>          Issue Type: Bug
>          Components: maven-shared-utils
>    Affects Versions: maven-shared-utils-3.4.2
>            Reporter: jycr
>            Priority: Critical
>
> The latest current version of [maven-shared-utils 
> 3.4.2|https://github.com/apache/maven-shared-utils/releases/tag/maven-shared-utils-3.4.2]
>  (released on May 15, 2023) is vulnerable to 
> [CVE-2024-47554|https://ossindex.sonatype.org/vulnerability/CVE-2024-47554].
> Commit [14d655b 
> |https://github.com/apache/maven-shared-utils/commit/14d655bd34a310761f395d83eeae644092cd5c5f]
>  was added to fix this issue in the {{main}} branch on Mar 30, 2024.
> Can you create a new version of {{file-management}} that includes this commit 
> to fix this CVE?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to