Upgrade to dom4j 2.1.1
Description
causes
Activity
Show:
Rade Martinović December 20, 2018 at 8:57 AM
Thanks 🙏
Former user December 19, 2018 at 9:50 PM
, appears so. It is available on nexus at http://repository.jboss.org/nexus/content/groups/public.
Rade Martinović December 11, 2018 at 10:47 AM
Sync issue still ongoing?
Rade Martinović December 4, 2018 at 4:42 PM
All artefacts are on Maven Central except hibernate-core. No ETA still?
Guillaume Smet November 28, 2018 at 10:14 PM
We have a sync issue between our Nexus and Maven Central. I opened an issue but no news for now. I'm still following up the issue.
Overview
the transitive dependency dom4j 1.6.1 has a CVE, which is used by hibernate core (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632). This version is outdated.
Hibernate core shoould upgrade to version 2.x.x. org.dom4j
Detail
Related to the forum https://discourse.hibernate.org/t/dom4j-raise-up-a-cve/1362.