
Vulnerabilities in `velocity-api`

Open NDruce opened this issue 6 months ago • 2 comments

Hi, the Discord invite is not working, so I created an issue here. Please look at this:

Image

NDruce avatar Jun 30 '25 18:06 NDruce

Those vulnerability messages themselves don't really do much other than contribute to vulnerability fatigue; Velocity itself is not affected by these, nor are plugins likely to be.

Guava could be bumped just to get rid of that; 25.1 is also already 7 years old by now.

Warriorrrr avatar Jun 30 '25 18:06 Warriorrrr

This is generally not a concern unless you're using those affected transitive dependencies to parse untrusted data. We intentionally aligned the versions of these libraries with MC; it is probably long overdue to bump some of these dependencies to realign with the ecosystem.

electronicboy avatar Jun 30 '25 21:06 electronicboy