Re: [Quickfixj-users] quickfixJ, mina and CVEs

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I think it would be possible but unfortunately cannot commit on any timeline at the moment. :-/
Would you be so kind to open an issue at https://github.com/quickfix-j/quickfixj/issues/new/choose 
so that it does not get lost?

Thanks,
Chris.

On 17.02.22 19:33, Andrew Marlow wrote:
> QFJ Documentation:http://www.quickfixj.org/documentation/
> QFJ Support:http://www.quickfixj.org/support/
>
>
>
> Hello everyone,
>
> I see the version of mina used by QFJ hasn't changed for some time. There are a couple of CVEs 
> recorded against it, https://www.cvedetails.com/cve/CVE-2019-0231/ and 
> https://www.cvedetails.com/cve/CVE-2021-41973/ . The 2021 one says to dodge the issue by moving to 
> version 2.1.5 or greater. Can we have a release of QFJ where this is done please? Without this 
> change projects that use QFJ will be flagged as vulnerable to those CVes via transitive 
> dependencies. Hopefully it will simply be a case of updating the pom and running the regression tests.
>
> -- 
> Regards,
>
> Andrew Marlow
> http://www.andrewpetermarlow.co.uk
>
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald