[
https://issues.apache.org/jira/browse/GUACAMOLE-1806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17731206#comment-17731206
]
Markus * commented on GUACAMOLE-1806:
-------------------------------------
??If you want to give updating to 6.x a try, that should be OK as long as it's
compatible with Java 8.??
It seems that Spring Security 6.0 requires Java 17. (see
[here|https://github.com/spring-projects/spring-security#spring-security]) This
probably means that the use of Spring is a dead-end as no (potential) future
vulnerabilities could be addressed by just updating this dependency. What are
your thoughts on using another library (e.g. Apache Commons Net) instead?
> Update Java dependencies to patched versions
> --------------------------------------------
>
> Key: GUACAMOLE-1806
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1806
> Project: Guacamole
> Issue Type: Task
> Components: guacamole
> Reporter: Markus *
> Priority: Minor
>
> These changes should address the following (potentially relevant)
> vulnerabilities:
> * [CVE-2022-21724|https://github.com/advisories/GHSA-v7wg-cpwc-24m4]
> * [CVE-2022-26520|https://github.com/advisories/GHSA-727h-hrw8-jg8q]
> * [CVE-2022-31197|https://github.com/advisories/GHSA-r38f-c4h4-hqq2]
> * [CVE-2022-40151|https://github.com/advisories/GHSA-f8cc-g7j8-xxpm]
> * [CVE-2022-40152|https://github.com/advisories/GHSA-3f7h-mf4q-vrm4]
> * [CVE-2022-41946|https://github.com/advisories/GHSA-562r-vg33-8x8h]
> * [CVE-2023-20861|https://github.com/advisories/GHSA-564r-hj7v-mcr5]
> * [CVE-2023-20862|https://github.com/advisories/GHSA-x873-6rgc-94jc]
> * [CVE-2023-20863|https://github.com/advisories/GHSA-wxqc-pxw9-g2p8]
> * [GHSA-673j-qm5f-xpv8|https://github.com/advisories/GHSA-673j-qm5f-xpv8]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
