commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kiran Kudtarkar (Jira)" <j...@apache.org>
Subject [jira] [Commented] (CODEC-293) Security issue reported in commons-codec-1.14.jar
Date Tue, 01 Sep 2020 05:52:00 GMT

    [ https://issues.apache.org/jira/browse/CODEC-293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17188155#comment-17188155
] 

Kiran Kudtarkar commented on CODEC-293:
---------------------------------------

Do you have any ETA for the next major release? We would like to reference that in the exemption
request we will need to make

> Security issue reported in commons-codec-1.14.jar
> -------------------------------------------------
>
>                 Key: CODEC-293
>                 URL: https://issues.apache.org/jira/browse/CODEC-293
>             Project: Commons Codec
>          Issue Type: Bug
>    Affects Versions: 1.14
>            Reporter: Kiran Kudtarkar
>            Priority: Critical
>
> While performing scans of all our project artefacts, using Xray ([https://jfrog.com/xray/)|https://urldefense.com/v3/__https:/jfrog.com/xray/)__;!!GqivPVa7Brio!J9TPdrHzI4C2XxjL6FPqvIavUMcv8JDZPDbUdDxUj_GNkbaVTUPKBVSkOwivW_xwb3iXAQ$]
([https://jfrog.com/xray/features/)|https://urldefense.com/v3/__https:/jfrog.com/xray/features/)__;!!GqivPVa7Brio!J9TPdrHzI4C2XxjL6FPqvIavUMcv8JDZPDbUdDxUj_GNkbaVTUPKBVSkOwivW_yeHM4sOA$],
below vulnerability has been reported by one of our clients.
>  
> *Reported Issue: Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing
'final' Thread-safety Unspecified Issue*



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message