[KAFKAWRAP-25] Upgrade dependencies fixing vulnerabilities - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Done
Affects Version/s: 2.6.0
Fix Version/s: 2.6.1
Labels:
- security

Template:
Sprint:
Folijet Sprint 151
Story Points:
0
Development Team:
Folijet
Release:
Nolana (R3 2022)
Epic Link:
Batch Importer (Bib/Acq)
RCA Group:
Related dependency upgrade

Description

Upgrade Vert.x from 4.2.7 to 4.3.4.

The Vert.x upgrade indirectly upgrades jackson-databind from 2.13.2.1 to 2.13.4 fixing Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2022-42004

The Vert.x upgrade indirectly upgrades kafka-clients from 2.6.3 to 3.0.2 fixing a Timing Attack https://nvd.nist.gov/vuln/detail/CVE-2021-38153

The Vert.x upgrade indirectly upgrades netty-common from 4.1.74.Final to 4.1.82.Final fixing Information Exposure https://nvd.nist.gov/vuln/detail/CVE-2022-24823

Upgrade all other dependencies to the latest release version.

TestRail: Results

Attachments

Issue Links

defines

UXPROD-3557 NFR: Data Import Technical, NFR, & Misc work (Nolana R3 2022)

Closed

Activity

People

Assignee:: Julian Ladisch

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Oct/22 10:08 AM

Updated:: 19/Oct/22 8:57 PM

Resolved:: 17/Oct/22 6:10 PM

TestRail: Runs

TestRail: Cases