We are running with Activiti version 6.0.0, and are noticing that security scans reveal security vulnerabilities with the following two transitive dependencies:
In both cases I notice that there are later versions of these libraries available. In the case of jackson-databind, version 2.9.6 ; and in the case of commons-email, version 1.5.
Are there plans to upgrade these dependencies in future releases of activiti?
These libs have been upgraded in the latest code base of 6.x branch
Bassam,
Many thanks for this. Really appreciate the good news, and the prompt reply.
Regards
Steve Gioberti
Ask for and offer help to other Alfresco Process Services and Activiti Users and members of the Alfresco team.
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.