Security Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are reported by Dependency checker tool
Below are the details -
1. Gwt-dev.jar -
1.1 Vulnerable version of jetty library(current version-- 9.2.14, available )
1.2 Vulnerable version of commons-collections(current version - 3.2.1)
1.3 Vulnerable version of org.apache.httpcomponents:httpclient(current version - 4.3.1)
1.1 Vulnerable version of Google Protobuf(current version - 2.5.0, available version - 3.4.0)
##### Steps to reproduce
Refer instruction from following web site.
Is community going to update 3rd party library used by GWT to remove these Vulnerability ?
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firstname.lastname@example.org.
To post to this group, send email to email@example.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
Post a Comment