Switch the commons-logging dependency with knowable vulnerabilities

Hi guys!

I would like to request a change on this commons-logging/1.2 dependency that have the vulnerabilities below:

[CVE-2022-23307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307)
[CVE-2022-23305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305)
[CVE-2022-23302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302)
[CVE-2021-4104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104)
[CVE-2019-17571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571)

I saw that this library is used by com.amazonaws:dynamodb-lock-client:1.3.0, maybe make sense to change to another library from software.amazon.awssdk package.

Thanks in advanced.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Switch the commons-logging dependency with knowable vulnerabilities #1435

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Switch the commons-logging dependency with knowable vulnerabilities #1435

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions