POMs v42 Release Notes

Created by Federico Grilli, last modified on 2021-09-20

Noteworthy

This version updates OWASP dependency-check plugin to version 6.3.1 and removes some outdated false positive vulnerabilities.

Changelog

Fixed

Dismiss CVE reports related to xstream dependency. [BUILD-443]
Dismiss CVE report related to xz dependency. [BUILD-448]
Dismiss CVE report related to daisydiff-1.2-magnolia dependency. [BUILD-449]
CVE mismatch for Apache PDFBox sub projects xmpbox and preflight. [BUILD-442]
CVE mismatch for various libraries concerning some Rust library Magnolia doesn't use. [BUILD-491]

Changed

Update OWASP dependency-check plugin to version 6.3.1. [BUILD-444]

Upgrading

Upgrading should be straightforward. Core artifacts start being updated with the Magnolia 6.2.12 release.

No labels