PRISMA-2021-0055 vulnerability in latest ibm-cos-java-sdk-bundle-2.9.1.jar #38
We are getting a vulnerability report on ibm-cos-java-sdk-bundle-2.9.1.jar about the shaded commons-codec 1.11 dependency that should be upgraded to 1.13 or higher.
I am not able to find much detail about what PRISMA-2021-0055 is.
Is it possible to schedule an update of commons-codec to 1.13 or to the latest version so it is current?
Thanks.
Comments
Could you provide more details on the vulnerability report? Could that number be a tool-specific reference? There is an upstream issue on this topic: aws/aws-sdk-java#125. The only reference to
Thanks @IBMeric. ibm-cos-java-sdk-bundle-2.9.1.jar contains the META-INF/maven/commons-codec/commons-codec/pom.xml file, which makes an explicit reference to commons-codec 1.11.
@IBMeric any update about this?
Thanks for the link. That change was made after this ticket was opened. We can include it in our next release. Do you know if this will satisfy your scanner?
@IBMeric yes, I am confident that it will.
Sorry for the late reply. The work is scheduled but I haven't been able to get a release commitment internally yet. I will bring this up again today.
Thanks @IBMeric
We have confirmed the fix and will put it in the next bug fix release. There is another fix in the works, so the plan is to release both together.
Thanks @IBMeric
Any ETA on this fix?
The release will either be this week or early next week.
@tcherel We have published 2.10.1. Could you verify your issue has been resolved and close this ticket?
Thanks @IBMeric
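One way to check a bundle jar for the shaded dependency this thread is about, as an added example that is not part of the project's code: it reads every META-INF/maven/<groupId>/<artifactId>/pom.xml packed inside the jar (the file the scanner keyed on) and flags any coordinate below a minimum version. The jar is constructed in memory as a stand-in for the real bundle, and the version-floor table is an assumption.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

POM_NS = "{http://maven.apache.org/POM/4.0.0}"
POM_PATH_RE = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.xml$")

# Assumed floor: the thread asks for commons-codec 1.13 or higher.
MIN_VERSIONS = {"commons-codec:commons-codec": "1.13"}


def parse_version(v):
    """Turn '1.13' or '2.9.1-SNAPSHOT' into a comparable tuple of ints."""
    return tuple(int(p) for p in re.findall(r"\d+", v.split("-")[0]))


def shaded_dependencies(jar_bytes):
    """Map 'groupId:artifactId' -> version for each Maven pom.xml inside the jar."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            m = POM_PATH_RE.match(name)
            if not m:
                continue
            root = ET.fromstring(jar.read(name))
            # A pom may inherit its version from <parent>, so fall back to that.
            version = (root.findtext(POM_NS + "version")
                       or root.findtext(POM_NS + "parent/" + POM_NS + "version"))
            found[f"{m.group(1)}:{m.group(2)}"] = version
    return found


def outdated_dependencies(jar_bytes, minimums=MIN_VERSIONS):
    """Return [(coordinate, found_version, required_floor)] for deps below their floor."""
    return [(coord, ver, minimums[coord])
            for coord, ver in shaded_dependencies(jar_bytes).items()
            if coord in minimums and parse_version(ver) < parse_version(minimums[coord])]


def build_sample_jar(codec_version):
    """Constructed stand-in for the bundle: an in-memory jar shading commons-codec."""
    pom = (f'<project xmlns="http://maven.apache.org/POM/4.0.0">'
           f'<groupId>commons-codec</groupId><artifactId>commons-codec</artifactId>'
           f'<version>{codec_version}</version></project>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("META-INF/maven/commons-codec/commons-codec/pom.xml", pom)
        jar.writestr("org/apache/commons/codec/binary/Base64.class", b"")
    return buf.getvalue()


if __name__ == "__main__":
    for v in ("1.11", "1.15"):
        print(v, outdated_dependencies(build_sample_jar(v)))
```

Point the same functions at a real bundle by passing the bytes of the jar file; only pom.xml files under META-INF/maven are inspected, so shaded classes whose pom was stripped would not be seen.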