Impact of CVE-2020-29510 on Mender

Hi there!

How do you consider the impact of CVE-2020-29510 [1] on Mender? Do you think this is critical? We are asking since warrior-v2020.10 is directly affected with version 1.14.7.

Best regards

[1] NVD - CVE-2020-29510

@kacf any thoughts on this?

Hello @deffo, neither the Mender Client nor Mender Connect uses encoding/xml anywhere, including in sub packages, so I believe they are not affected.