hello,
A security vulnerability scan performed by our client has reported findings related to transitive dependencies included with the EMA/ETA Java SDK.
SDK / Build
EMA Java SDK version: 3.9.2.0
Build system: Maven
Area: EMA/ETA Java (standard consumer scenarios)
The scan highlights outdated/vulnerable components along the following chain:
com.refinitiv.ema:ema:3.9.2.0
↳ com.refinitiv.eta.valueadd:etaValueAdd:3.9.2.0
↳ org.quartz-scheduler:quartz:2.3.2
↳ com.mchange:c3p0:0.9.5.4
↳ com.mchange:mchange-commons-java:0.2.15
We are looking for actionable guidance or an official statement to close the security assessment with our stakeholders.
Thanks in advance for your support.
Ale
hello,
A security vulnerability scan performed by our client has reported findings related to transitive dependencies included with the EMA/ETA Java SDK.
SDK / Build
EMA Java SDK version: 3.9.2.0
Build system: Maven
Area: EMA/ETA Java (standard consumer scenarios)
The scan highlights outdated/vulnerable components along the following chain:
com.refinitiv.ema:ema:3.9.2.0
↳ com.refinitiv.eta.valueadd:etaValueAdd:3.9.2.0
↳ org.quartz-scheduler:quartz:2.3.2
↳ com.mchange:c3p0:0.9.5.4
↳ com.mchange:mchange-commons-java:0.2.15
We are looking for actionable guidance or an official statement to close the security assessment with our stakeholders.
Thanks in advance for your support.
Ale