security vulnerability


Ash

Apr 26, 2025, 10:29:26 AM
to ontop4obda
Hello there, I was just wondering whether any new versions are in the works, as I've come across a couple of vulnerabilities in the current one, e.g. CVE-2016-1000027, CVE-2025-24813.
Many Thanks

Benjamin Cogrel

Apr 29, 2025, 4:55:09 AM
to Ash, ontop4obda
Hi Ash,

Thanks for asking.

  - CVE-2016-1000027: this is a controversial "critical" vulnerability. Ontop is not affected, but unfortunately we cannot eliminate the alert without upgrading to Java 17 (required by Spring Boot 3).
     We may consider upgrading to Java 17 or 21 this year, but we still need to discuss it amongst ourselves.
  - CVE-2025-24813 has already been addressed in the main development branch (version5). It will be part of 5.3.1 and 5.4.0.

Best,
Benjamin

