The pax-jdbc-features 1.5.6 includes a transitive dependency on com.mysql:mysql-connector-j verion 8.1.0, which introduces a high vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2023-22102
- relates to
-
ODLPARENT-310 Bump PAX-JDBC version to the latest 1.5.7
- In Progress