Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel) #16

dzc34 · 2017-01-15T01:09:35Z

Vulnerability

Apache Standard Taglibs before 1.2.3 has a CVSS 7.5 vulnerability
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0254

see all version of jstl (latest version: 12-May-2006)
http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22jstl%22%20AND%20a%3A%22jstl%22

Solution

Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel)
https://tomcat.apache.org/taglibs/standard/

         <dependency>
-            <groupId>jstl</groupId>
-            <artifactId>jstl</artifactId>
-            <version>1.2</version>
+            <groupId>org.apache.taglibs</groupId>
+            <artifactId>taglibs-standard-jstlel</artifactId>
+            <version>1.2.5</version>
         </dependency>

ex:

The text was updated successfully, but these errors were encountered:

* upgrading-dependencies: Fixed Asqatasun#16 - Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel) Fixed Asqatasun#15 - Removed commons-httpclient dependency Fixed Asqatasun#14 - Upgraded SpringFrameworkt to v3.2.12 and remove spring-asm Fixed Asqatasun#13 - Upgraded Apache.HttpComponents HttpClient to v4.3.6

---------------------- set version to 0.4.2 Updated CHANGELOG Fixed Asqatasun#16 - Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel) Fixed Asqatasun#15 - Removed commons-httpclient dependency Fixed Asqatasun#14 - Upgraded SpringFrameworkt to v3.2.12 and remove spring-asm Fixed Asqatasun#13 - Upgraded Apache.HttpComponents HttpClient to v4.3.6 updated CONTRIBUTING.md fixed Asqatasun#11 - color contrast falling for links fixed Asqatasun#10 - color contrast failing for "the color should be between (...)" Dockerfile : typo set version to 0.4.2-dev

dzc34 added the type: security label Jan 15, 2017

dzc34 self-assigned this Jan 15, 2017

dzc34 closed this as completed in ded2ad3 Jan 15, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel) #16

Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel) #16

dzc34 commented Jan 15, 2017

Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel) #16

Changed JSTL artifact (jstl:jstl -> org.apache.taglibs:taglibs-standard-jstlel) #16

Comments

dzc34 commented Jan 15, 2017

Vulnerability

Solution