Fix cve#28

Closed
sepe81 wants to merge 2 commits into apache:master from sepe81:fix-cve

sepe81 commented Dec 16, 2019

@lukaszlenart I know you are working on a replacement for the mailreader example within #27 but maybe we can use those two changes as a quickfix for failing builds during org.owasp:dependency-check-maven

e.g. https://builds.apache.org/blue/organizations/jenkins/Struts-examples-JDK8-dependency-check/detail/Struts-examples-JDK8-dependency-check/10/pipeline

[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.2:check (default) on project mailreader: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 

[ERROR] 
[ERROR] struts-mailreader-dao-1.3.5.jar: CVE-2016-1181, CVE-2013-2115, CVE-2016-1182, CVE-2014-0114, CVE-2015-0899
[ERROR] commons-beanutils-1.6.jar: CVE-2014-0114, CVE-2019-10086
[ERROR] commons-collections-2.1.jar: CVE-2015-6420, CVE-2017-15708

@lukaszlenart
Member

@sepe81 but this won't fix this problem struts-mailreader-dao-1.3.5.jar: CVE-2016-11

@lukaszlenart
Member

Sorry, I forgot to push :( And now mailreader app is gone, but a new version should be soon :)

@sepe81
Author

sepe81 commented Dec 16, 2019

The complete removal solves the problem, too. 👍

sepe81 closed this Dec 16, 2019
sepe81 deleted the fix-cve branch December 16, 2019 20:10