[ 
https://issues.apache.org/jira/browse/GROOVY-11045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884149#comment-17884149
 ] 

QwertyChouskie edited comment on GROOVY-11045 at 9/24/24 7:39 AM:
------------------------------------------------------------------

I have this in my `build.gradle.kts` now, and it gets rid of the CVE 
notification:
{code:kotlin}
    testImplementation("org.codehaus.groovy:groovy-all:3.0.22")
    constraints {
        implementation("org.testng:testng:7.5.1") {
            because("CVE-2022-4065: TestNG 7.5 is vulnerable to Path Traversal")
        }
    }
{code}
Would be nice if upstream groovy-all was updated to point to 7.5.1 rather than 
7.5, but this workaround works fine.


was (Author: JIRAUSER306603):
I have this in my `build.gradle.kts` now, and it gets rid of the CVE 
notification:
```
    testImplementation("org.codehaus.groovy:groovy-all:3.0.22")
    constraints {
        implementation("org.testng:testng:7.5.1") {
            because("CVE-2022-4065: TestNG 7.5 is vulnerable to Path Traversal")
        }
    }
```
Would be nice if upstream groovy-all was updated to point to 7.5.1 rather than 
7.5, but this workaround works fine.

> Bump testng to 7.5.1
> --------------------
>
>                 Key: GROOVY-11045
>                 URL: https://issues.apache.org/jira/browse/GROOVY-11045
>             Project: Groovy
>          Issue Type: Dependency upgrade
>            Reporter: Paul King
>            Assignee: Paul King
>            Priority: Major
>             Fix For: 4.0.12
>
>
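A way to confirm the workaround in the comment above took effect, as an added example that is not part of the original comment or the Groovy project's build. It assumes the `java` plugin is applied; the task name `verifyTestngVersion` is hypothetical.

```kotlin
// build.gradle.kts (added example; assumes the `java` plugin is applied)
dependencies {
    testImplementation("org.codehaus.groovy:groovy-all:3.0.22")
    constraints {
        // testImplementation extends implementation, so a constraint declared
        // here also applies to the test classpaths that groovy-all lands on.
        implementation("org.testng:testng:7.5.1") {
            because("CVE-2022-4065: TestNG 7.5 is vulnerable to Path Traversal")
        }
    }
}

// Hypothetical task name. Fails the build if TestNG 7.5 is still selected
// on either test classpath after dependency resolution.
tasks.register("verifyTestngVersion") {
    doLast {
        val flagged = "7.5" // version named in the CVE notification quoted above
        listOf("testCompileClasspath", "testRuntimeClasspath").forEach { name ->
            // Inspect the resolved graph, not the declared dependencies, so
            // transitive versions pulled in by groovy-all are what gets checked.
            val versions = configurations.getByName(name)
                .incoming.resolutionResult.allComponents
                .mapNotNull { it.moduleVersion }
                .filter { it.group == "org.testng" && it.name == "testng" }
                .map { it.version }
            if (versions.isEmpty()) {
                // A constraint only acts on modules already in the graph.
                logger.lifecycle("$name: testng is not on this classpath")
            }
            if (flagged in versions) {
                throw GradleException("$name still resolves org.testng:testng:$flagged")
            }
            versions.forEach { logger.lifecycle("$name: org.testng:testng:$it") }
        }
    }
}
```

Run it with `./gradlew verifyTestngVersion`; wiring it into `check` keeps a later dependency change from silently bringing 7.5 back.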



