
Activiti Dependencies - Security Vulnerabilities

Question asked by steve.gioberti@bt.com on Jul 9, 2018
Latest reply on Jul 11, 2018 by steve.gioberti@bt.com

We are running with Activiti version 6.0.0, and are noticing that security scans reveal security vulnerabilities with the following two transitive dependencies:

  1. com.fasterxml.jackson.core : jackson-databind : 2.7.5
  2. org.apache.commons : commons-email : 1.4

In both cases I notice that there are later versions of these libraries available. In the case of jackson-databind, version 2.9.6; and in the case of commons-email, version 1.5.

Are there plans to upgrade these dependencies in future releases of Activiti?