Update to JSoup 1.16.2 #2957
e0ba1fc to 44ec0a9
Version 1.14.2 used till now is vulnerable to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36033 .
It looks like this is blocked by #2214. Whitelist exists in 1.14.2 but appears to have been removed in 1.16.2.
So remark is dead (https://github.com/kotcrab/remark-java/), with even the repo being archived, and it relies on jsoup classes that are removed in versions without the CVE.
Indeed, we need to use a different HTML -> Markdown converter. https://github.com/vsch/flexmark-java might be the way; that's what the IntelliJ LSP4IJ client uses.
We can probably close this and hopefully @datho7561's experiments in #2214 will resolve this.
Closing.
FTR, if we move to flexmark, we'll still depend on jsoup. But I expect the flexmark migration to update the jsoup dependency in the process.