Merge pull request #148 from folio-org/APPPOCTOOL-32-resteasy-multipa…

…rt-provider-6.2.10 APPPOCTOOL-32: resteasy-multipart-provider 6.2.10 fixing CVE-2024-21742
folio-org · Sep 10, 2024 · f0e8770 · f0e8770
2 parents 3f41185 + 5a49411
commit f0e8770
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/folio-security/pom.xml b/folio-security/pom.xml
@@ -87,6 +87,17 @@
       <version>${keycloak-admin-client.version}</version>
     </dependency>
 
+    <!-- Fix vulnerability in org.apache.james:apache-mime4j-core
+         https://www.cve.org/CVERecord?id=CVE-2024-21742
+         Remove this dependency when keycloak-admin-client ships with
+         resteasy-multipart-provider >= 6.2.10.Final
+    -->
+    <dependency>
+      <groupId>org.jboss.resteasy</groupId>
+      <artifactId>resteasy-multipart-provider</artifactId>
+      <version>6.2.10.Final</version>
+    </dependency>
+
     <!-- Test dependencies -->
 
     <dependency>