folio-spring-base / FOLSPRINGB-68

Upgrade spring-security-rsa, bcprov-jdk15on, postgresql fixing vulns


Details

• Bug
• Status: Closed
• P3
• Resolution: Done
• 4.1.0
• 4.1.1
• Spring Force
• Morning Glory (R2 2022) Bug Fix
• Related dependency upgrade

Description

Upgrade spring-security-rsa from 1.0.10.RELEASE to 1.0.11.RELEASE. This indirectly upgrades org.bouncycastle:bcprov-jdk15on from 1.68 to 1.69, fixing weak cryptography in HMAC: https://app.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-2841508

Upgrade org.postgresql:postgresql from 42.3.5 to 42.5.0, fixing SQL Injection: https://nvd.nist.gov/vuln/detail/CVE-2022-31197

While it is unlikely that any module using folio-spring-base is affected by these issues, it is easier for each module to bump the folio-spring-base version than to investigate whether it is affected by them.
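A quick way for a module maintainer to confirm the bump actually took effect is to check the resolved versions in the Maven dependency tree. The script below is an added example and not part of folio-spring-base; it assumes the plain `mvn dependency:tree` output format (no classifiers) and uses a constructed sample tree showing the pre-upgrade versions.

```python
import re
from typing import Dict, List, Tuple

# Minimum versions named in FOLSPRINGB-68, keyed by groupId:artifactId.
MIN_SAFE = {
    "org.bouncycastle:bcprov-jdk15on": "1.69",                          # SNYK-JAVA-ORGBOUNCYCASTLE-2841508
    "org.postgresql:postgresql": "42.5.0",                              # CVE-2022-31197
    "org.springframework.security:spring-security-rsa": "1.0.11.RELEASE",
}

# Constructed sample of `mvn dependency:tree` output for a module still on folio-spring-base 4.1.0.
SAMPLE_TREE = """
[INFO] org.folio:mod-example:jar:1.0.0-SNAPSHOT
[INFO] +- org.folio:folio-spring-base:jar:4.1.0:compile
[INFO] |  +- org.springframework.security:spring-security-rsa:jar:1.0.10.RELEASE:compile
[INFO] |  |  \\- org.bouncycastle:bcprov-jdk15on:jar:1.68:compile
[INFO] |  \\- org.postgresql:postgresql:jar:42.3.5:runtime
[INFO] \\- org.apache.commons:commons-lang3:jar:3.12.0:compile
"""

# groupId:artifactId:type:version:scope (classifier form not handled here).
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+:([\w.\-]+):(?:compile|runtime|test|provided)")


def version_key(v: str) -> Tuple:
    # Numeric segments compare as ints, qualifiers such as RELEASE as strings;
    # good enough for the versions in this ticket, not a full Maven comparator.
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


def parse_tree(tree: str) -> Dict[str, str]:
    # Map each resolved groupId:artifactId to its version.
    found: Dict[str, str] = {}
    for line in tree.splitlines():
        m = COORD.search(line)
        if m:
            found[f"{m.group(1)}:{m.group(2)}"] = m.group(3)
    return found


def find_vulnerable(tree: str) -> List[Tuple[str, str, str]]:
    # Return (artifact, resolved version, minimum safe version) for every artifact below the floor.
    resolved = parse_tree(tree)
    return [(ga, resolved[ga], floor) for ga, floor in MIN_SAFE.items()
            if ga in resolved and version_key(resolved[ga]) < version_key(floor)]


if __name__ == "__main__":
    for ga, have, need in find_vulnerable(SAMPLE_TREE):
        print(f"{ga}: resolved {have}, need at least {need}")
```

Run it against real output with `mvn dependency:tree | python check.py` after replacing `SAMPLE_TREE` with `sys.stdin.read()`.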


People

Unassigned
julianladisch Julian Ladisch