project-aries/docker-java-shaded

Multiple security vulnerabilities

sdavids opened this issue · 6 comments

Reported by OWASP dependency-check Analyse

One or more dependencies were identified with known vulnerabilities:

docker-java-shaded-3.0.14.jar (com.aries:docker-java-shaded:3.0.14, cpe:/a:docker:docker:3.0.14) : CVE-2017-7297
docker-java-shaded-3.0.14.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml (com.fasterxml.jackson.core:jackson-databind:2.6.4, cpe:/a:fasterxml:jackson-databind:2.6.4, cpe:/a:fasterxml:jackson:2.6.4) : CVE-2017-15095, CVE-2017-17485, CVE-2017-7525, CVE-2018-5968, CVE-2018-7489
docker-java-shaded-3.0.14.jar/META-INF/maven/com.github.docker-java/docker-java/pom.xml (com.github.docker-java:docker-java:3.0.14, cpe:/a:docker:docker:3.0.14) : CVE-2017-7297

@sdavids have you reported this to the docker-java project? This project builds on top of theirs, and so the fix would need to go into that project, lest we want to start having differing dependencies here and break with them, which can cause all sorts of fun issues :)

Closing issue. Feel free to re-open should you like to talk further.

This should remain open.

When upstream is fixed, your dependency should be updated and then this issue should be closed.

@sdavids fair enough. Re-opening.

Closing as 3.1.1 has been released.