docx4j icon indicating copy to clipboard operation
docx4j copied to clipboard

Published 20 hours ago verified publisher icon plutext

fix(sec): upgrade jackson-databind to 2.12.6.1

Open Huoxi-any opened this issue 2 years ago • 1 comments

What happened?

There are 1 security vulnerabilities found in xerces:xercesImpl 2.12.0

What did I do?

Upgrade xerces:xercesImpl from 2.12.0 to 2.12.1 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How was this patch tested?

Run mvn compile succeeded locally. Run mvn clean test succeeded locally. all tests passed.

The specification of the pull request

PR Specification from OSCS

Huoxi-any avatar Oct 14 '22 08:10 Huoxi-any

current docx4j uses xerces 2.12.2

plutext avatar Jul 21 '24 00:07 plutext