SONATYPE-2019-0115 PrimeFaces Issue

Sonatype Lifecycle & Repository Firewall
1

SONATYPE-2019-0115 is to report the Jquery 3.3.1 CVE. There are a couple of issues.

  1. It is only being reported for PrimeFaces 7.0 when it should be reported for all versions of Primefaces 1.0-7.0 because they all use Jquery < 3.4.0.

  2. This has been fixed in PrimeFaces 7.0.4 could you mark that as the fix version for this one? See this ticket that it has been upgraded to Jquery 3.4.1 in PF 7.0.4. JQuery: Upgrade to 3.4.1 · Issue #4747 · primefaces/primefaces · GitHub

Thanks,

Melloware

2

Support is the right place to ask for help with data issues. Please raise a ticket for this in our support system:

https://support.sonatype.com

Rich