Upgrade to dom4j 2.1.3 for CVE-2020-10683

Description

Overview

dom4j 2.1. is a dependency of hibernate core and has a CVE (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10683).
Hibernate core should upgrade to version 2.1.3 or later.

 

Affects:

  • Hibernate 5.4.12.Final

  • Hibernate 5.4.14.Final

Environment

None

Assignee

Unassigned

Reporter

Frans Flippo

Fix versions

None

Labels

None

backPortable

None

Suitable for new contributors

None

Requires Release Note

None

Pull Request

None

backportDecision

None

Components

Affects versions

Priority

Major
Configure