spring-cloud-netflix

spring-cloud-starter-netflix-eureka-client:4.1 has vulnerability with dependency commons-jxpath:1.3

Open ziad-saade opened this issue 1 year ago • 3 comments

Sep 30 '24 08:09 ziad-saade

[image]
spring-cloud-starter-netflix-eureka-client latest version 4.1.3
[image]
commons-jxpath latest version 1.3
[image]

Sep 30 '24 09:09 ziad-saade

Hello, @ziad-saade, thanks for reporting the issue. This is a transitive dependency provided by an external repo: https://github.com/Netflix/netflix-commons. There's no higher version of Netflix/Eureka that we could upgrade to. We also can't provide a fix for Netflix/Eureka, since no higher version of Netflix/netflix-commons is available. Users can exclude the dependency on their end. Please create an issue in Netflix/netflix-commons and link it here. We'll upgrade once an upgraded version is made available.

Sep 30 '24 12:09 OlgaMaciaszek
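The exclusion suggested in the comment above, as an added example that is not part of the original thread or the project's own configuration: a `pom.xml` fragment that excludes `commons-jxpath` from the Eureka client starter and uses the Maven Enforcer `bannedDependencies` rule to fail the build if the artifact returns through another transitive path. It assumes a Maven build in which the starter and plugin versions are managed by a parent POM or BOM; the execution id `ban-commons-jxpath` is a hypothetical name.

```xml
<!-- pom.xml fragment (added example; versions assumed to be managed by the
     Spring Boot parent / Spring Cloud BOM, so none are pinned here) -->
<dependencies>
  <dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
    <exclusions>
      <!-- Drop the transitive commons-jxpath 1.3 brought in by the Netflix libraries -->
      <exclusion>
        <groupId>commons-jxpath</groupId>
        <artifactId>commons-jxpath</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
</dependencies>

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <executions>
        <execution>
          <!-- hypothetical id, chosen for this example -->
          <id>ban-commons-jxpath</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <!-- Fail the build if the artifact reappears anywhere in the tree -->
              <bannedDependencies>
                <excludes>
                  <exclude>commons-jxpath:commons-jxpath</exclude>
                </excludes>
                <searchTransitive>true</searchTransitive>
              </bannedDependencies>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

After the change, `mvn dependency:tree -Dincludes=commons-jxpath` should report no matching artifact. Run the application's Eureka registration and discovery tests afterwards, since any code path that still loads JXPath classes would fail at runtime with a `NoClassDefFoundError`.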

Thank you @OlgaMaciaszek for your reply, below is the link to the issue: https://github.com/Netflix/netflix-commons/issues/34

Sep 30 '24 13:09 ziad-saade