[FOLIO-3151] Upgrade nexus from 3.28.1-01 to 3.30.1 (CVE-2020-13933) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: P2
Resolution: Done
Component/s: Continuous Integration
Labels:

Template:

Standard Bug Write-Up Format
Sprint:
DevOps Sprint 113, DevOps Sprint 114, DevOps Sprint 115, DevOps Sprint 116, DevOps Sprint 117, DevOps Sprint 118
Development Team:
FOLIO DevOps

Description

https://repository.folio.org/ runs Nexus 3.28.1-01.

It has these known vulnerabilities:

authentication bypass in Apache Shiro (CVE-2020-13933) (high)
directory traversal (CVE-2021-30635) (medium)
cross-site scripting (XSS) (CVE-2021-29159) (medium)
sensitive information disclosure (SID) (CVE-2021-29158) (medium)

Nexus 3.30.1 has fixes for them.

Nexus 3.28.1 has been released 2020-10-19.
Nexus 3.30.1 has been released 2021-04-22.

Task:

Upgrade Nexus from 3.28.1-01 to 3.30.1.

TestRail: Results

Attachments

Activity

People

Assignee:: John Malconian

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 08/May/21 8:49 PM

Updated:: 22/Jul/21 6:14 AM

Resolved:: 13/Jul/21 1:56 AM

TestRail: Runs

TestRail: Cases