Activiti Dependencies - Security Vulnerabilities

steve_gioberti
Member II

Activiti Dependencies - Security Vulnerabilities

We are running with Activiti version 6.0.0, and are noticing that security scans reveal security vulnerabilities with the following two transitive dependencies:

  1. com.fasterxml.jackson.core : jackson-databind : 2.7.5
  2. org.apache.commons : commons-email : 1.4

In both cases I notice that there are later versions of these libraries available. In the case of jackson-databind, version 2.9.6; and in the case of commons-email, version 1.5.

Are there plans to upgrade these dependencies in future releases of Activiti?

2 Replies
bassam_al-saror
Alfresco Employee

Re: Activiti Dependencies - Security Vulnerabilities

These libs have been upgraded in the latest code base of the 6.x branch.

Activiti/pom.xml at 6.x · Activiti/Activiti · GitHub 

steve_gioberti
Member II

Re: Activiti Dependencies - Security Vulnerabilities

Bassam,

Many thanks for this. Really appreciate the good news, and the prompt reply.

Regards

Steve Gioberti
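
A check for the situation discussed in this thread, added here as an example (it is not code from the thread or from the Activiti project): it reads `mvn dependency:tree` output and reports any of the two libraries still resolved below the versions the original post names, together with the dependency path that pulls them in. The sample tree is constructed, and the `com.example:workflow-app` root and the `activiti-engine` parent in it are assumptions.

```python
import re

# Version floors taken from the thread: the later releases the original post names.
FLOORS = {
    "com.fasterxml.jackson.core:jackson-databind": "2.9.6",
    "org.apache.commons:commons-email": "1.5",
}

# Constructed sample of `mvn dependency:tree` output (not captured from a real build).
SAMPLE_TREE = """\
[INFO] com.example:workflow-app:jar:1.0.0
[INFO] +- org.activiti:activiti-engine:jar:6.0.0:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.7.5:compile
[INFO] |  |  \\- com.fasterxml.jackson.core:jackson-annotations:jar:2.7.0:compile
[INFO] |  \\- org.apache.commons:commons-email:jar:1.4:compile
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.25:compile
"""

# Tree-drawing prefix (3 characters per nesting level), then the Maven coordinates.
LINE = re.compile(r"^\[INFO\] ([|+\\ -]*)(\S+)$")


def version_key(version):
    # Compare the leading numeric part only; qualifiers such as -SNAPSHOT are ignored.
    lead = re.match(r"[\d.]*", version).group().strip(".")
    return tuple(int(n) for n in lead.split(".") if n)


def find_outdated(tree_text, floors=FLOORS):
    """Return (coordinate, resolved, floor, pulled_in_by) for each dependency below its floor."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = LINE.match(line)
        parts = m.group(2).split(":") if m else []
        if len(parts) < 4:
            continue  # banner, separator or other non-dependency line
        depth = len(m.group(1)) // 3
        coordinate = parts[0] + ":" + parts[1]
        # group:artifact:packaging[:classifier]:version[:scope]
        version = parts[4] if len(parts) == 6 else parts[3]
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(coordinate)
        floor = floors.get(coordinate)
        if floor and version_key(version) < version_key(floor):
            findings.append((coordinate, version, floor, " > ".join(stack[:-1])))
    return findings


if __name__ == "__main__":
    for coordinate, version, floor, path in find_outdated(SAMPLE_TREE):
        print(f"{coordinate} {version} is below {floor} (via {path})")
```

Running the same check against the tree of a build made from the 6.x branch, or after overriding the two versions in your own POM, confirms whether the older versions are still being resolved.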