[MODCXMUX-85] Upgrade deps fixing DoS and HTTP Request Smuggling - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: P3
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Labels:

Template:
Development Team:
Spitfire
RCA Group:
TBD

Description

Upgrade Vert.x from 4.1.0.CR1 to 4.2.7 fixing many bugs. This also indirectly upgrades netty-codec-http from 4.1.65.Final to 4.1.74.Final fixing HTTP Request Smuggling https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43797

Upgrade log4j from 2.16.0 to 2.17.2 fixing Denial of Service (DoS) https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45105

Upgrade RMB from 33.0.0 to 33.2.9 fixing many bugs.

Upgrade folio-service-tools from 1.7.0 to 1.8.0.

TestRail: Results

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/May/22 8:58 AM

Updated:: 06/May/22 7:02 PM

Resolved:: 06/May/22 7:02 PM

TestRail: Runs

TestRail: Cases