Details
-
Bug
-
Status: Closed (View Workflow)
-
P3
-
Resolution: Done
-
5.0.1
-
-
Spitfire
-
Nolana (R3 2022)
-
Related dependency upgrade
Description
Upgrade jackson-databind from 2.13.3 to 2.13.4.2 fixing Denial of Service (DoS) vulnerabilities:
https://nvd.nist.gov/vuln/detail/CVE-2022-42003
https://nvd.nist.gov/vuln/detail/CVE-2022-42004
Upgrade commons-text from 1.9 to 1.10.0 fixing Arbitrary Code Execution
https://nvd.nist.gov/vuln/detail/CVE-2022-42889
Upgrade RMB from 33.2.4 to 35.0.1.
Note that org.folio:cql2pgjson is a component of RMB:
https://github.com/folio-org/raml-module-builder/tree/v35.0.1
TestRail: Results
Attachments
Issue Links
- has to be done before
-
FOLSPRINGB-79 Release folio-spring-base v5.0.2 Nolana (R3 2022)
-
- Closed
-