[BUG] Dependency security breach in your openapi-generator-maven-plugin #11869
Labels
Comments
|
@soleanos thanks for reporting the issue. I wonder if you have time file a PR to update those dependencies. (otherwise, we'll take a look later this week) |
|
Hello, thanks u for anwser => i did a PR in 11881 but i cant fix plexus api build version => there is no new version since 2007 Could you use another lib instead ? If you wants use plexus utils you can take last versions like https://mvnrepository.com/artifact/org.codehaus.plexus/plexus-utils ? Thanks you |
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, I am contacting you because after passing my professional application to the XRAY scan, it appears that your application has multiple dependencies which open up major flaws:
The version of org.sonatype.plexus:plexus-build-api:jar (0.0.7) which is very old (from 2011) and contains org.codehaus.plexus:plexus-utils:jar:1.5.8:compile reassembled by xray. In addition, your jar also contains a version of maven-core which is obsolete and also contains a major security flaw. Could you please modify your pom to include versions not affected by the flaws I just told you about? Thank you very much in advance
The text was updated successfully, but these errors were encountered: