AnsweredAssumed Answered

Activiti Dependencies - Security Vulnerabilities

Question asked by on Jul 9, 2018
Latest reply on Jul 11, 2018 by

We are running with Activiti version 6.0.0, and are noticing that security scans reveal security vulnerabilities with the following two transitive dependencies:


  1. com.fasterxml.jackson.core : jackson-databind : 2.7.5
  2. org.apache.commons : commons-email : 1.4

In both cases I notice that there are later versions of these libraries available.  In the case of jackson-databind, version 2.9.6 ; and in the case of commons-email, version 1.5.


Are there plans to upgrade these dependencies in future releases of activiti?