Vulnerable Dependencies in Latest version 21.7.1

The latest [v21.7.1](https://github.com/crossbario/autobahn-java/releases/tag/v21.7.1) release is from 4 years ago & has several open security vulnerabilities (which appear to have been fixed in master already).  Just need a new release created & uploaded to [mvnrepository](https://mvnrepository.com/artifact/io.crossbar.autobahn/autobahn-java) to resolve the vulnerabilities.

| v21.7.1 CVE | v21.7.1 problem dependency | master version |
| --- | --- | --- |
| [CVE-2014-4043](https://nvd.nist.gov/vuln/detail/CVE-2014-4043) | `org.web3j:core:4.6.0` > `jnr-posix-3.0.47.jar`<br>https://github.com/crossbario/autobahn-java/blob/d9a591ca2cbae15dff27a40b4075c48a251c60f3/autobahn/build.gradle#L34 | YES? - [org.web3j:core:4.11.0](https://mvnrepository.com/artifact/org.web3j/core/4.11.0) > no more `jnr-posix-3.0.47.jar`  <br>https://github.com/crossbario/autobahn-java/blob/5f13baa3063c46090f89d8551a388c35e8df0a2c/autobahn/build.gradle#L35 |
| [CVE-2020-28052](https://nvd.nist.gov/vuln/detail/CVE-2020-28052) | `org.web3j:core:4.6.0` > `org.java-websocket:Java-WebSocket:jar:1.3.8` | YES? - [org.web3j:core:4.11.0](https://mvnrepository.com/artifact/org.web3j/core/4.11.0) > `org.java-websocket:Java-WebSocket:jar:1.5.3` |

For reference, here are some related prior issues regarding security vulnerabilities / release process which I found:
- #521 
- #489
- #493

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Vulnerable Dependencies in Latest version 21.7.1 #563

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Vulnerable Dependencies in Latest version 21.7.1 #563

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions