  1. FOLIO
  2. FOLIO-1685

Backend modules using RMB should update to fix jackson-databind security vulnerability

    Details

    • Development Team:
      Core: Platform

      Description

      RMB has updated jackson-databind to version 2.9.8, fixing these security vulnerabilities:

      RMB >= 23.3.1 and RMB 23.2.x >= 23.2.2 have the fix.

      Any module that uses RMB can update to a fixed RMB version (preferred) or manually update jackson-databind to 2.9.8.

      This is the list of 2018-Q4 backend modules. The RMB version each module uses is at the beginning of the line; ------ indicates that it does not use RMB.

      Core Modules 2018-Q4
      RMB ------ mod-authtoken 2.0.3
      RMB 23.1.0 mod-circulation 14.1.0
      RMB 23.1.0 mod-circulation-storage 6.2.0
      RMB 23.2.1 mod-codex-inventory 1.4.0
      RMB 23.2.1 mod-codex-mux 2.3.0
      RMB 21.0.3 mod-configuration 5.0.1
      RMB 23.0.0 mod-feesfines 15.1.0
      RMB ------ mod-inventory 11.0.0
      RMB 23.1.0 mod-inventory-storage 14.0.0
      RMB 23.0.0 mod-login 4.6.0
      RMB 23.2.1 mod-notes 2.2.0
      RMB 23.3.0 mod-notify 2.1.0
      RMB 21.0.4 mod-permissions 5.4.0
      RMB 23.2.1 mod-tags 0.2.0
      RMB 21.0.4 mod-template-engine 1.0.1
      RMB 23.0.0 mod-users 15.3.0
      RMB 23.2.1 mod-users-bl 4.3.2

      External Modules 2018-Q4
      RMB ------ mod-agreements 1.0.2
      RMB 23.2.1 mod-audit 0.0.3
      RMB ------ mod-audit-filter 0.0.4
      RMB 23.2.1 mod-calendar 1.2.0 (jackson-databind 2.8.11.1)
      RMB 19.0.0 mod-marccat 1.2.0
      RMB 21.0.4 mod-codex-ekb 1.1.0
      RMB ?????? mod-credits not on https://github.com/folio-org
      RMB 23.0.0 mod-data-import 1.0.0
      RMB 21.0.3 mod-email 1.0.0
      RMB 23.1.0 mod-erm-usage 1.0.0
      RMB 23.1.0 mod-erm-usage-harvester 1.0.0
      RMB 23.0.0 mod-event-config 1.0.0
      RMB 19.0.0 mod-finance-storage 1.0.1
      RMB 19.1.5 mod-gobi 1.0.1
      RMB ------ mod-kb-ebsco 1.1.0
      RMB 23.2.0 mod-kb-ebsco-java no versioning
      RMB ------ mod-licenses 1.0.2
      RMB 15.0.2 mod-login-saml 1.2.1 (jackson.version 2.9.7)
      RMB 23.1.0 mod-oai-pmh 1.0.1
      RMB 23.2.1 mod-orders 1.0.2
      RMB 23.1.0 mod-orders-storage 1.0.2
      RMB 19.1.3 mod-patron 1.2.0
      RMB 19.1.3 mod-rtac 1.2.1
      RMB 21.0.4 mod-sender 1.0.0
      RMB 21.0.3 mod-source-record-manager 0.1.0
      RMB 23.0.0 mod-source-record-storage 1.0.0
      RMB 17.0.0 mod-user-import 3.1.0
      RMB 19.0.0 mod-vendors 1.0.3
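
The version rule above has two branches, so a plain "greater than 23.2.2" comparison gives the wrong answer for RMB 23.3.0. The following triage script is an added example, not part of the original issue or of any FOLIO tooling; the status labels and function names are assumptions chosen for illustration, and the sample lines are copied from the list above.

```python
import re

# Constructed sample: a few lines copied from the module list in this issue.
SAMPLE = """\
RMB ------ mod-authtoken 2.0.3
RMB 23.2.1 mod-notes 2.2.0
RMB 23.3.0 mod-notify 2.1.0
RMB 21.0.4 mod-permissions 5.4.0
RMB ?????? mod-credits not on https://github.com/folio-org
RMB 23.2.0 mod-kb-ebsco-java no versioning
"""

# "RMB <rmb-version-or-marker> <module-name> ..."
LINE = re.compile(r"^\s*RMB\s+(\S+)\s+(\S+)")


def rmb_has_fix(version):
    """Apply the issue's rule: RMB >= 23.3.1, or 23.2.x with x >= 2."""
    major, minor, patch = (int(p) for p in version.split("."))
    if (major, minor) == (23, 2):
        return patch >= 2  # backport line: 23.2.2 and later
    return (major, minor, patch) >= (23, 3, 1)


def classify(line):
    """Return (module, status) for one list line, or None if it is not one."""
    m = LINE.match(line)
    if not m:
        return None
    rmb, module = m.groups()
    if rmb == "------":  # marker used in the list: module does not use RMB
        return module, "NO_RMB"
    if not re.fullmatch(r"\d+\.\d+\.\d+", rmb):  # e.g. "??????"
        return module, "UNKNOWN"
    return module, "FIXED" if rmb_has_fix(rmb) else "NEEDS_UPDATE"


def triage(text):
    """Map module name -> status for every list line in text."""
    return dict(filter(None, map(classify, text.splitlines())))


if __name__ == "__main__":
    for module, status in triage(SAMPLE).items():
        print(f"{status:13} {module}")
```

The script looks only at the RMB version; a module that pins jackson-databind itself, as the list notes for mod-calendar and mod-login-saml, still needs its own dependency checked.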

                People

                Assignee:
                Unassigned
                Reporter:
                julianladisch Julian Ladisch