Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

remove xmpcore from lucee core

Description

the image extension did bundle a newer version 6.1.1, core bundles 5.1.2

5.1.2 has a XXE CVE

Environment

None

Linked issues

causes

Image extension 1.0.0: does not work with Lucee 5.4

Activity

Show:

Zac Spitzer 19 May 2023 at 14:31

Zac Spitzer 19 May 2023 at 14:21

Zac Spitzer 14 May 2023 at 08:31
Edited

6.0

Zac Spitzer 12 May 2023 at 06:46

Fixed

Details
Assignee
Zac Spitzer
Reporter
Zac Spitzer
Priority
New
Labels
javasecurityshrink
Fix versions
6.0.0.391
5.4.0.54
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
None

Created 12 May 2023 at 06:42

Updated 19 July 2023 at 13:26

Resolved 20 May 2023 at 11:11