JDom1/2 security warning : CVE-2021-33813

Question

JDom1/2 security warning : CVE-2021-33813

tusharj9 opened this issue 3 years ago · 2 comments

Hi ,
There is high security warning created on jdom library jar which is included with this plugin . Please plan to update this jdom with security fix .

https://nvd.nist.gov/vuln/detail/CVE-2021-33813

hunterhacker/jdom#189

Answer 1 · 2022-01-03T03:37:28.000Z

Is there a plan to address this issue in near future? Can you share any timelines?

Answer 2 · 2022-01-19T10:10:52.000Z

With #210, the dependency on the rome library that was in this project was removed. Another version of the library is still pulled in transitively through the Openfire dependency though. That's something that will need to be addressed there.