-
-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-36944 - Scala vulnerability with 9.8 score #363
Comments
Hey! Thank you for reporting this. This is something that should definitely be sorted out. Just FYI, SwayDB's last release was 2 years ago and is over 400 commits behind new updates. I have not been able to figure out how to continue SwayDB's development. Time being the biggest factor. So I'm not sure when this issue will be resolved. Thanks heaps for reporting this. |
Thank you for replying! I totally understand your situation. But at least now you are aware should you some day find the extra time. Cheers! |
Hi 馃憢
Currently our dependency checks started failing on SwayDB due to the scala libraries related to this CVE https://nvd.nist.gov/vuln/detail/CVE-2022-36944
We are using
Seems that these are fixed in scala-library 2.13.9, latest being 2.13.10 as of writing.
Would be super nice to get patch on this.
Thank you for SwayDB 鉂わ笍
Kind regards,
Marius
The text was updated successfully, but these errors were encountered: