Details

    • Bug Testcase Reminder (view):

      Bug reports should generally be accompanied by a test case!

    • backPortable:
      Backport?
    • Last commented by a user?:
      true
    • Sprint:

      Description

      Overview

      the transitive dependency dom4j 1.6.1 has a CVE, which is used by hibernate core (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632). This version is outdated.
      Hibernate core shoould upgrade to version 2.x.x. org.dom4j

      Detail

      Related to the forum https://discourse.hibernate.org/t/dom4j-raise-up-a-cve/1362.

        Attachments

          Issue links

            Activity

              People

              • Votes:
                2 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: