From 0e7664704df159139f7ec40b808b3d1ccede6b13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Thu, 24 Aug 2023 10:15:10 +0200 Subject: [PATCH] Fix CVE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upgrade org.apache.xmlgraphics:batik-bridge@1.16 to org.apache.xmlgraphics:batik-bridge@1.17 to fix ✗ Server-side Request Forgery (SSRF) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961] in org.apache.xmlgraphics:batik-bridge@1.16 introduced by org.apache.xmlgraphics:batik-bridge@1.16 and 2 other path(s) Upgrade org.apache.xmlgraphics:batik-codec@1.16 to org.apache.xmlgraphics:batik-codec@1.17 to fix ✗ Server-side Request Forgery (SSRF) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961] in org.apache.xmlgraphics:batik-bridge@1.16 introduced by org.apache.xmlgraphics:batik-bridge@1.16 and 2 other path(s) Upgrade org.apache.xmlgraphics:batik-transcoder@1.16 to org.apache.xmlgraphics:batik-transcoder@1.17 to fix ✗ Server-side Request Forgery (SSRF) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-5849961] in org.apache.xmlgraphics:batik-bridge@1.16 introduced by org.apache.xmlgraphics:batik-bridge@1.16 and 2 other path(s) --- core/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/build.gradle b/core/build.gradle index 7d533b6cb2..2c9d17e875 100644 --- a/core/build.gradle +++ b/core/build.gradle @@ -198,7 +198,7 @@ dependencies { compile(configurations.geotools) compile(configurations.jasper) - def batikVersion = '1.16' + def batikVersion = '1.17' compile( 'org.apache.xmlgraphics:xmlgraphics-commons:2.8', "org.apache.xmlgraphics:batik-transcoder:$batikVersion",