Vulnerable dependency xmlrpc-common-3.1.3.jar: CVE-2016-5002

[concernedrat]

A quick security check on the dependencies thrown a high (CVSS >= 8) for xmlrpc-common.

I will submit a patch (major update) to this project to swap the xmlrpc client for a non-vulnerable xmlrpc client

[concernedrat]

Planning to use this lib:

https://github.com/gturri/aXMLRPC

Any suggestions are greatly appreciated.

[flotho]

Hi @georgerb ,
Thanks for your proposal.
This point has been pointed out by Pentaho Team #43 .
So great idea.