Hyland Community
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Activiti Dependencies - Security Vulnerabilities

steve_gioberti
Champ in-the-making
Champ in-the-making

‎07-09-2018 11:43 AM

We are running with Activiti version 6.0.0, and are noticing that security scans reveal security vulnerabilities with the following two transitive dependencies:

  1. com.fasterxml.jackson.core : jackson-databind : 2.7.5
  2. org.apache.commons : commons-email : 1.4

In both cases I notice that there are later versions of these libraries available.  In the case of jackson-databind, version 2.9.6 ; and in the case of commons-email, version 1.5.

Are there plans to upgrade these dependencies in future releases of activiti?

Labels:
0 Kudos
2 REPLIES 2

bassam_al-saror
Star Collaborator
Star Collaborator

‎07-11-2018 08:23 AM

These libs have been upgraded in the latest code base of 6.x branch

Activiti/pom.xml at 6.x · Activiti/Activiti · GitHub 

Activiti/pom.xml at 6.x · Activiti/Activiti · GitHub 

0 Kudos

steve_gioberti
Champ in-the-making
Champ in-the-making
In response to bassam_al-saror

‎07-11-2018 08:43 AM

Bassam,

Many thanks for this. Really appreciate the good news, and the prompt reply.

Regards

Steve Gioberti

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2025 Khoros, LLC
Top