SECURITY: Force newer version of javassist
pmonks opened this issue
Peter Monks commented
The version of the javassist library used by the project (an indirect dependency that comes in through the Jersey client) has a serious vulnerability that has been addressed in newer versions. While this can be overridden by downstream consumers of SJC, it would be better if SJC forced a newer version so that downstream consumers don't have to.
Here is an example of how that can be done.
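One way a library can force the newer version for its consumers is sketched below. This is an added example, not the example linked in the comment above and not the project's own build file. It assumes a Maven build; the Jersey coordinates, the `jersey.version` property and the `REPLACE_WITH_PATCHED_VERSION` placeholder are assumptions. A direct dependency is used because a library's `dependencyManagement` section does not propagate to projects that merely depend on it.

```xml
<!-- pom.xml fragment of the library (added example; assumes Maven) -->
<properties>
  <!-- Placeholder: set to the javassist release that contains the fix -->
  <javassist.version>REPLACE_WITH_PATCHED_VERSION</javassist.version>
</properties>
<dependencies>
  <dependency>
    <!-- Assumed coordinates for "the Jersey client"; keep the project's own -->
    <groupId>org.glassfish.jersey.core</groupId>
    <artifactId>jersey-client</artifactId>
    <version>${jersey.version}</version> <!-- hypothetical existing property -->
    <exclusions>
      <!-- Drop the transitive copy so only the pinned one is resolved -->
      <exclusion>
        <groupId>org.javassist</groupId>
        <artifactId>javassist</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
  <!-- Declared directly: for consumers this sits nearer in the graph than
       the copy behind Jersey, so Maven's nearest-wins mediation picks it. -->
  <dependency>
    <groupId>org.javassist</groupId>
    <artifactId>javassist</artifactId>
    <version>${javassist.version}</version>
  </dependency>
</dependencies>
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <version>3.4.1</version>
      <executions>
        <execution>
          <id>ban-old-javassist</id>
          <goals><goal>enforce</goal></goals>
          <configuration>
            <rules>
              <bannedDependencies>
                <excludes>
                  <!-- Fail the build if any older javassist is resolved -->
                  <exclude>org.javassist:javassist:(,${javassist.version})</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
<!-- Verify with: mvn dependency:tree -Dincludes=org.javassist:javassist -->
```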
Peter Monks commented
Moving this issue over to symphony-java-api, where it belongs.