  1. folio-kafka-wrapper-util
  2. KAFKAWRAP-25

Upgrade dependencies fixing vulnerabilities

Details

    • Bug
    • Status: Closed
    • TBD
    • Resolution: Done
    • 2.6.0
    • 2.6.1
    • Folijet Sprint 151
    • 0
    • Folijet
    • Nolana (R3 2022)
    • Related dependency upgrade

    Description

      Upgrade Vert.x from 4.2.7 to 4.3.4.

      The Vert.x upgrade indirectly upgrades jackson-databind from 2.13.2.1 to 2.13.4, fixing a Denial of Service (DoS): https://nvd.nist.gov/vuln/detail/CVE-2022-42004

      The Vert.x upgrade indirectly upgrades kafka-clients from 2.6.3 to 3.0.2, fixing a Timing Attack: https://nvd.nist.gov/vuln/detail/CVE-2021-38153

      The Vert.x upgrade indirectly upgrades netty-common from 4.1.74.Final to 4.1.82.Final, fixing an Information Exposure: https://nvd.nist.gov/vuln/detail/CVE-2022-24823

      Upgrade all other dependencies to the latest release version.
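
A check for the transitive upgrades listed in the description, added here as an example and not part of the issue or the project's own code: it reads `mvn dependency:tree` output and reports tracked artifacts that resolve below the post-upgrade versions named above. The sample tree and its `org.example` coordinates are constructed, and treating the listed versions as floors is an assumption.

```python
import re

# Floors: the post-upgrade versions named in the issue description (assumption:
# anything lower is reported, whether or not it also carries the fix).
FLOORS = {
    "io.vertx:vertx-core": "4.3.4",
    "com.fasterxml.jackson.core:jackson-databind": "2.13.4",
    "org.apache.kafka:kafka-clients": "3.0.2",
    "io.netty:netty-common": "4.1.82.Final",
}

# Constructed sample in the layout printed by `mvn dependency:tree`.
SAMPLE_TREE = """\
[INFO] org.example:sample-app:jar:1.0.0
[INFO] +- io.vertx:vertx-core:jar:4.2.7:compile
[INFO] |  +- io.netty:netty-common:jar:4.1.74.Final:compile
[INFO] |  \\- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.1:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:2.6.3:compile
[INFO] \\- org.example:unrelated-lib:jar:1.0.0:compile
"""

# group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){4,5}")


def version_key(version):
    """Leading dotted numbers as a tuple; a qualifier such as '.Final' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(n) for n in m.group(0).split(".")) if m else ()


def resolved_versions(tree_text):
    """Map 'group:artifact' to the set of versions found in the tree output."""
    found = {}
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if m:
            parts = m.group(0).split(":")
            found.setdefault(":".join(parts[:2]), set()).add(parts[-2])
    return found


def below_floor(tree_text, floors=FLOORS):
    """Sorted (coordinate, resolved, floor) for each tracked artifact under its floor."""
    hits = []
    for coord, versions in resolved_versions(tree_text).items():
        floor = floors.get(coord)
        hits += [(coord, v, floor) for v in versions
                 if floor and version_key(v) < version_key(floor)]
    return sorted(hits)
```

Pre-release qualifiers (for example `-SNAPSHOT`) are not ordered by `version_key`, so the check is meant for release versions only.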

              People

                julianladisch Julian Ladisch