Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade grails plugin/versions to latest #194

Open
koww opened this issue May 16, 2023 · 2 comments
Open

Upgrade grails plugin/versions to latest #194

koww opened this issue May 16, 2023 · 2 comments

Comments

@koww
Copy link

koww commented May 16, 2023

We have received a CVE ticket against commons-fileupload used in grails services comming from grails-web 5.3.0:
CVE-2023-24998
However we are not able to override the grails version because of the dependency import from the plugin dominates the versions.

Please provide configurations to manually set the dependency versions to resolve CVEs as necessary, or if it is configurable instructions are deeply appreciated.
@koww
Copy link
Author

koww commented Jun 1, 2023

Or do we have any release date available for 6.x versions?

@jeffscottbrown
Copy link
Member

FYI... I believe recent versions of Grails are using commons-fileupload 1.5 (https://github.com/grails/grails-core/blob/03944f1db542f22c367d901d480fa28f0bfafa5c/grails-web-fileupload/build.gradle#L3).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeffscottbrown @koww