-
Bug
-
Resolution: Done
-
Medium
-
Dublin Release
Jython is vulnerable to the following CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-18074
https://nvd.nist.gov/vuln/detail/CVE-2018-20060
https://nvd.nist.gov/vuln/detail/CVE-2019-11236
https://nvd.nist.gov/vuln/detail/CVE-2019-9740
Note: the last jython release, which we are currently using (2.7.1), was in 2017. So it appears jython community is no longer active and therefore we should probably consider alternatives.