I was wondering if you were planning to update the sshd jars to 2.9.1+ due to CVE
CVE-2022-45047
Thanks,
Karl
Hello Karl,
SVNKit is not affected by this vulnerability as it doesn’t use Apache SSHD library to load or save private key - key data is loaded externally.
Nevertheless, SVNKit 1.10.11 will include newer version of Apache SSHD library (2.9.2) with that vulnerability fixed.