Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32196

Set snappy-java version to 1.1.10.5

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2021
    • Fix Version/s: 2021.48
    • Component/s: Security
    • Tags:
    • Backlog priority:
      900
    • Upgrade notes:
      Hide

      The following dependency has been upgraded from 1.1.8.1 to 1.1.10.5:

      <dependency>
  <groupId>org.xerial.snappy</groupId>
  <artifactId>snappy-java</artifactId>
</dependency>
      Show
      The following dependency has been upgraded from 1.1.8.1 to 1.1.10.5: <dependency> <groupId>org.xerial.snappy</groupId> <artifactId>snappy-java</artifactId> </dependency>
    • Sprint:
      nxplatform #103
    • Story Points:
      2

      Description

      We need to deliver a newer version of this lib on 2021 to avoid CVE-2023-43642

      It used to be in the pom: NXP-31410

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: