- changed status to resolved
Update javax.mail dependency due to vulnerability
Issue #251
resolved
I'm contacting you to notify you that javax.mail version 1.4.7 (mail-1.4.7), which Oauth-2.0-SDK-with-OpenID-Connect-extensions (oauth2-oidc-sdk) takes a dependency on, has the following security vulnerability: https://github.com/javaee/javamail/issues/127
Fixes for that vulnerability were included in javax.mail 1.5.3 (https://github.com/javaee/javamail/blob/master/doc/release/CHANGES.txt#L170).
Could you bump the version of javax.mail that oauth2-oidc-sdk is using to at least 1.5.3?
Comments (1)
Updated to most recent 1.6.1: 7ee402f0