Hi,
Below URL says some vulnerabilities in liquibase version 3.8.0.
Is this vulnerabilities fixed in version 3.10.0?
Thanks and Regards,
Anantdev
Hi,
Below URL says some vulnerabilities in liquibase version 3.8.0.
Is this vulnerabilities fixed in version 3.10.0?
Thanks and Regards,
Anantdev
Hi @AnantdevPathak,
I am hoping we will be adding known vulnerabilities to our release notes, but to answer your question:
ERROR] One or more dependencies were identified with vulnerabilities:
[ERROR]
[ERROR] liquibase-core-3.8.0.jar: bootstrap.js: CVE-2018-14042, CVE-2019-8331, CVE-2018-14041, CVE-2018-14040
[ERROR] liquibase-core-3.8.0.jar: bootstrap.min.js: CVE-2018-14042, CVE-2019-8331, CVE-2018-14041, CVE-2018-14040
[ERROR] liquibase-core-3.8.0.jar: jquery-1.11.0.min.js: CVE-2015-9251, CVE-2019-11358
[ERROR]
[ERROR] See the dependency-check report for more details.
We can’t see bootstrap.js, bootstrap.min.js, or jquery-1.11 after 3.8.6, so looks like those won’t trip vulnerability scans.
Thanks,
Ronak