-
Improvement
-
Resolution: Duplicate
-
Minor
-
None
[org.jenkins-ci.main:jenkins-core 2.204.2](https://mvnrepository.com/artifact/org.jenkins-ci.main/jenkins-core/2.204.2) appears to have several vulnerable dependencies. Are there any plans to update this?
[INFO] +- org.jenkins-ci.main:jenkins-core:jar:2.204.2:compile [INFO] | +- org.jenkins-ci.plugins.icon-shim:icon-set:jar:1.0.5:compile [INFO] | +- org.jenkins-ci.main:remoting:jar:3.36.1:compile [INFO] | | - org.jenkins-ci:constant-pool-scanner:jar:1.2:compile [INFO] | +- org.jenkins-ci.main:cli:jar:2.204.2:compile [INFO] | | - net.i2p.crypto:eddsa:jar:0.3.0:compile [INFO] | +- org.jenkins-ci:version-number:jar:1.6:compile [INFO] | | - com.google.code.findbugs:annotations:jar:3.0.0:compile [INFO] | +- org.jenkins-ci:crypto-util:jar:1.1:compile [INFO] | +- org.jvnet.hudson:jtidy:jar:4aug2000r7-dev-hudson-1:compile [INFO] | +- com.google.inject:guice:jar:4.0:compile [INFO] | | +- javax.inject:javax.inject:jar:1:compile [INFO] | | - aopalliance:aopalliance:jar:1.0:compile [INFO] | +- org.connectbot.jbcrypt:jbcrypt:jar:1.0.0:compile [INFO] | +- org.jruby.ext.posix:jna-posix:jar:1.0.3-jenkins-1:compile [INFO] | +- com.github.jnr:jnr-posix:jar:3.0.45:compile [INFO] | | +- com.github.jnr:jnr-ffi:jar:2.1.8:compile [INFO] | | | +- com.github.jnr:jffi:jar:1.2.17:compile [INFO] | | | +- com.github.jnr:jffi:jar:native:1.2.16:runtime [INFO] | | | +- org.ow2.asm:asm:jar:5.0.3:compile [INFO] | | | +- org.ow2.asm:asm-commons:jar:5.0.3:compile [INFO] | | | +- org.ow2.asm:asm-analysis:jar:5.0.3:compile [INFO] | | | +- org.ow2.asm:asm-tree:jar:5.0.3:compile [INFO] | | | +- org.ow2.asm:asm-util:jar:5.0.3:compile [INFO] | | | - com.github.jnr:jnr-x86asm:jar:1.0.2:compile [INFO] | | - com.github.jnr:jnr-constants:jar:0.9.9:compile [INFO] | +- org.kohsuke.stapler:stapler-groovy:jar:1.258:compile [INFO] | | - org.kohsuke.stapler:stapler-jelly:jar:1.258:compile [INFO] | | +- org.jenkins-ci:commons-jelly:jar:1.1-jenkins-20120928:compile [INFO] | | - org.dom4j:dom4j:jar:2.1.1:compile [INFO] | +- org.kohsuke.stapler:stapler-jrebel:jar:1.258:compile [INFO] | | - org.kohsuke.stapler:stapler:jar:1.258:compile [INFO] | | +- javax.annotation:javax.annotation-api:jar:1.2:compile [INFO] | | +- commons-discovery:commons-discovery:jar:0.4:compile [INFO] | | +- org.jvnet:tiger-types:jar:2.2:compile [INFO] | | - org.kohsuke:asm5:jar:5.0.1:compile [INFO] | +- org.kohsuke:windows-package-checker:jar:1.2:compile [INFO] | +- org.kohsuke.stapler:stapler-adjunct-zeroclipboard:jar:1.3.5-1:compile [INFO] | +- org.kohsuke.stapler:stapler-adjunct-timeline:jar:1.5:compile [INFO] | +- org.kohsuke.stapler:stapler-adjunct-codemirror:jar:1.3:compile [INFO] | +- io.jenkins.stapler:jenkins-stapler-support:jar:1.1:compile [INFO] | +- com.infradna.tool:bridge-method-annotation:jar:1.13:compile [INFO] | +- org.kohsuke.stapler:json-lib:jar:2.4-jenkins-2:compile [INFO] | | +- commons-logging:commons-logging:jar:1.1.1:compile [INFO] | | - net.sf.ezmorph:ezmorph:jar:1.0.6:compile [INFO] | +- commons-httpclient:commons-httpclient:jar:3.1-jenkins-1:compile [INFO] | +- args4j:args4j:jar:2.33:compile [INFO] | +- org.jenkins-ci:annotation-indexer:jar:1.12:compile [INFO] | +- org.jenkins-ci:bytecode-compatibility-transformer:jar:2.0-beta-2:compile [INFO] | | - org.kohsuke:asm6:jar:6.2:compile [INFO] | +- org.jenkins-ci:task-reactor:jar:1.5:compile [INFO] | +- org.jvnet.localizer:localizer:jar:1.26:compile [INFO] | +- antlr:antlr:jar:2.7.6:compile [INFO] | +- xpp3:xpp3:jar:1.1.4c:compile [INFO] | +- net.sf.kxml:kxml2:jar:2.3.0:compile [INFO] | +- org.jfree:jfreechart:jar:1.0.19:compile [INFO] | | - org.jfree:jcommon:jar:1.0.23:compile [INFO] | +- commons-io:commons-io:jar:2.6:compile [INFO] | +- commons-lang:commons-lang:jar:2.6:compile [INFO] | +- commons-digester:commons-digester:jar:2.1:compile [INFO] | +- commons-beanutils:commons-beanutils:jar:1.9.3:compile [INFO] | +- org.apache.commons:commons-compress:jar:1.19:compile [INFO] | +- javax.mail:mail:jar:1.4.4:compile [INFO] | +- org.jvnet.hudson:activation:jar:1.1.1-hudson-1:compile [INFO] | +- jaxen:jaxen:jar:1.1-beta-11:compile [INFO] | +- commons-jelly:commons-jelly-tags-fmt:jar:1.0:compile [INFO] | +- commons-jelly:commons-jelly-tags-xml:jar:1.1:compile [INFO] | +- org.jvnet.hudson:commons-jelly-tags-define:jar:1.0.1-hudson-20071021:compile [INFO] | +- org.jenkins-ci:commons-jexl:jar:1.1-jenkins-20111212:compile [INFO] | +- org.acegisecurity:acegi-security:jar:1.0.7:compile [INFO] | | +- org.springframework:spring-jdbc:jar:1.2.9:compile [INFO] | | | - org.springframework:spring-dao:jar:1.2.9:compile [INFO] | | +- oro:oro:jar:2.0.8:compile [INFO] | | - log4j:log4j:jar:1.2.9:runtime [INFO] | +- org.springframework:spring-webmvc:jar:2.5.6.SEC03:compile [INFO] | | +- org.springframework:spring-beans:jar:2.5.6.SEC03:compile [INFO] | | +- org.springframework:spring-context:jar:2.5.6.SEC03:compile [INFO] | | +- org.springframework:spring-context-support:jar:2.5.6.SEC03:compile [INFO] | | - org.springframework:spring-web:jar:2.5.6.SEC03:compile [INFO] | +- org.springframework:spring-core:jar:2.5.6.SEC03:compile [INFO] | +- org.springframework:spring-aop:jar:2.5.6.SEC03:compile [INFO] | +- javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api:jar:1.2.1:compile [INFO] | +- org.slf4j:jcl-over-slf4j:jar:1.7.26:compile [INFO] | +- org.slf4j:log4j-over-slf4j:jar:1.7.26:compile [INFO] | +- com.sun.xml.txw2:txw2:jar:20110809:compile [INFO] | | +- javax.xml.stream:stax-api:jar:1.0-2:compile [INFO] | | - relaxngDatatype:relaxngDatatype:jar:20020414:compile [INFO] | +- commons-collections:commons-collections:jar:3.2.2:compile [INFO] | +- org.jvnet.winp:winp:jar:1.28:compile [INFO] | +- org.jenkins-ci:memory-monitor:jar:1.9:compile [INFO] | +- org.codehaus.woodstox:wstx-asl:jar:3.2.9:compile [INFO] | | - stax:stax-api:jar:1.0.1:compile [INFO] | +- org.jmdns:jmdns:jar:3.5.5:compile [INFO] | +- net.java.dev.jna:jna:jar:5.3.1:compile [INFO] | +- org.kohsuke:akuma:jar:1.10:compile [INFO] | +- org.kohsuke:libpam4j:jar:1.11:compile [INFO] | +- org.kohsuke:libzfs:jar:0.8:compile [INFO] | +- com.sun.solaris:embedded_su4j:jar:1.1:compile [INFO] | +- net.java.sezpoz:sezpoz:jar:1.13:compile [INFO] | +- org.kohsuke.jinterop:j-interop:jar:2.0.6-kohsuke-1:compile [INFO] | | - org.kohsuke.jinterop:j-interopdeps:jar:2.0.6-kohsuke-1:compile [INFO] | | - org.samba.jcifs:jcifs:jar:1.2.19:compile [INFO] | +- org.jvnet.robust-http-client:robust-http-client:jar:1.2:compile [INFO] | +- org.jenkins-ci:symbol-annotation:jar:1.1:compile [INFO] | +- commons-codec:commons-codec:jar:1.12:compile [INFO] | +- org.kohsuke:access-modifier-annotation:jar:1.14:compile [INFO] | +- commons-fileupload:commons-fileupload:jar:1.3.1-jenkins-2:compile [INFO] | +- com.google.guava:guava:jar:11.0.1:compile [INFO] | - com.jcraft:jzlib:jar:1.1.3-kohsuke-1:compile
- duplicates
-
JENKINS-68689 Core and core component dependency debt
- Open