Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update MVEL to 2.5.2.Final #1772

Closed
AnnJoy23 opened this issue Jan 22, 2025 · 1 comment · Fixed by apache/incubator-kie-kogito-runtimes#3831
Closed

Update MVEL to 2.5.2.Final #1772

AnnJoy23 opened this issue Jan 22, 2025 · 1 comment · Fixed by apache/incubator-kie-kogito-runtimes#3831
Assignees
@AnnJoy23
Labels
area:dependencies Dependency upgrade/update/migration type:enhancement Something that already exists needs to be improved

Comments

@AnnJoy23
Copy link

org.mvel:mvel2 library must be upgraded to version 2.5.2.Final in all repositories. Currently there is inconsistency between repositories - in Drools, there is different mvel version than in kogito-runtimes. Other repositories need to be checked too for mvel version (if used) and the version must be the same across repositories.

In addition, version of mvel library currently used in kogito-runtimes repository (2.5.0.Final) contains a CVE vulnerability.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AnnJoy23 AnnJoy23

Labels
area:dependencies Dependency upgrade/update/migration type:enhancement Something that already exists needs to be improved
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[kie-issues#1772] Upgrade mvel to 2.5.2.Final AnnJoy23/incubator-kie-kogito-runtimes
3 participants
@baldimir @yesamer @AnnJoy23