Upgrade to dom4j 2.1.1

Description

Overview

The transitive dependency dom4j 1.6.1, which is used by Hibernate core, has a CVE (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632). This version is outdated.
Hibernate core should upgrade to version 2.x.x. org.dom4j

Detail

Related to the forum https://discourse.hibernate.org/t/dom4j-raise-up-a-cve/1362.

Environment

None

Status

Assignee

Vlad Mihalcea

Reporter

Dennis Melzer

Fix versions

Labels

None

backPortable

Backport?

Suitable for new contributors

None

Requires Release Note

None

Pull Request

None

backportDecision

None

Components

Affects versions

5.3.6

Priority

Major