Skip to content

Please bump mina-core to a version not encumbered by any CVE's #1219

Description

@martinhallerdal

Describe the bug
quickfixj-core:3.0.0 depends on mina-core:2.2.4 which is affected by two CVEs: CVE-2026-41635 and CVE-2026-41409.

I saw Christoph's comment in #1203 regarding one of these CVE's but the IT security divisions of many organizations, including ours, do not really care if things are used or not. We are subject to automated scans of all deployed software with vulnerabilities automatically detected. If they detect a CVE it gets automatically flagged.

To Reproduce
n/a

Expected behavior
0 CVE vulnerabilites in mina-core version

system information:
n/a

Additional context
n/a

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions