Skip to content

Commit

Permalink
Update jdom2 2.0.6 -> 2.0.6.1
Browse files Browse the repository at this point in the history 
jdom 2.0.6 contains vulnerability
https://avd.aquasec.com/nvd/2021/cve-2021-33813/

version 2.0.6.1 has been released to address this.
  • Loading branch information
@gwalbran
gwalbran committed Mar 12, 2024
1 parent a2c7146 commit 9afa54d
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 9 deletions.
2 changes: 1 addition & 1 deletion netcdf-java-platform/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ dependencies {
api "com.google.protobuf:protoc:${depVersion.protobuf}"
api 'com.google.guava:guava:32.0.1-jre'
api 'com.google.re2j:re2j:1.3'
api 'org.jdom:jdom2:2.0.6'
api 'org.jdom:jdom2:2.0.6.1'
api 'joda-time:joda-time:2.10.3' // replace by javax.time

// netcdf4, dap4
Expand Down
8 changes: 0 additions & 8 deletions project-files/owasp-dependency-check/dependency-check-suppression.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,6 @@
<packageUrl regex="true">^pkg:maven/junit/junit@.*$</packageUrl>
<vulnerabilityName>CVE-2020-15250</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
file name: jdom2-2.0.6.jar
reason: mitigated by https://github.com/Unidata/netcdf-java/pull/801
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
<cve>CVE-2021-33813</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: screenshot_sync
Expand Down

0 comments on commit 9afa54d

Please sign in to comment.