Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

icu4j vulnerability #411

Closed
elzibubble opened this issue Mar 28, 2022 · 1 comment · Fixed by #412
Closed

icu4j vulnerability #411

elzibubble opened this issue Mar 28, 2022 · 1 comment · Fixed by #412
Assignees
@hlship
Labels
bug
Milestone
1.2

Comments

@elzibubble
Copy link 

[com.walmartlabs/lacinia "1.1"]
  [clj-antlr "0.2.10"]
    [org.antlr/antlr4 "4.9.2"]
      [com.ibm.icu/icu4j "61.1"]

This version of icu4j has CVE-2020-21913 against it. Antlr 4.9.3 has merged an update: antlr/antlr4#3261

clj-antlr 0.2.12 uses Antlr 4.9.3; please would you update?
@hlship hlship self-assigned this Mar 28, 2022
@hlship hlship added the bug label Mar 28, 2022
@hlship hlship added this to the 1.2 milestone Mar 28, 2022
hlship added a commit that referenced this issue Mar 28, 2022
@hlship
Update clj-anltr dependency (due to CVE-2020-21913)
0fb5828 
Fixes #411
@hlship hlship mentioned this issue Mar 28, 2022
Merged
@hlship
Copy link
Member

hlship commented Mar 28, 2022

Closed by #412

@hlship hlship closed this as completed Mar 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hlship hlship

Labels
bug
Milestone
1.2
Development

Successfully merging a pull request may close this issue.

Update clj-anltr dependency (due to CVE-2020-21913) walmartlabs/lacinia
2 participants
@hlship @elzibubble