Liquibase 4.14 security vulnerabilities

We ran vulnerabilty scan on our application that uses liquibase and a total of 80 critical(30) and high (50) rated CSVV3 vulnerabilities were detected.

The following components were detected as outdated and vulnerable:

  • jackson-databind
  • sqlite3 3.23.1
  • tika
  • httpcomponents-client

Below are the identified vulnerabilities

More details can be found at NVD - Vulnerabilities

Could someone help shed some light on when these components might get upgraded?


Please follow our found here:

We will need to understand a few more details, as we also scan on our end before we release and do not release with critical nor high CVEs in the liquibase code.