Help

Activiti Dependencies - Security Vulnerabilities

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
steve_gioberti
Member II
‎9 Jul 2018 4:43 PM

Activiti Dependencies - Security Vulnerabilities

We are running with Activiti version 6.0.0, and are noticing that security scans reveal security vulnerabilities with the following two transitive dependencies:

  1. com.fasterxml.jackson.core : jackson-databind : 2.7.5
  2. org.apache.commons : commons-email : 1.4

In both cases I notice that there are later versions of these libraries available.  In the case of jackson-databind, version 2.9.6 ; and in the case of commons-email, version 1.5.

Are there plans to upgrade these dependencies in future releases of activiti?

Labels
0 Kudos
Reply
2 Replies
bassam_al-saror
Alfresco Employee
‎11 Jul 2018 1:23 PM

Re: Activiti Dependencies - Security Vulnerabilities

These libs have been upgraded in the latest code base of 6.x branch

Activiti/pom.xml at 6.x · Activiti/Activiti · GitHub 

Activiti/pom.xml at 6.x · Activiti/Activiti · GitHub 

0 Kudos
Reply
steve_gioberti
Member II
‎11 Jul 2018 1:43 PM

Re: Activiti Dependencies - Security Vulnerabilities

Bassam,

Many thanks for this. Really appreciate the good news, and the prompt reply.

Regards

Steve Gioberti

0 Kudos
Reply
Alfresco Process Services Forum

Ask for and offer help to other Alfresco Process Services and Activiti Users and members of the Alfresco team.

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.