Details
- Bug
- Status: Closed
- P2
- Resolution: Done
- 2.6.1
- Folijet Sprint 152
- 0
- Folijet
- Nolana (R3 2022) Bug Fix
- Related dependency upgrade
Description
Upgrade kafka-clients from 3.1.0 to 3.2.3, fixing "Memory Allocation with Excessive Size Value":
https://nvd.nist.gov/vuln/detail/CVE-2022-34917
Upgrade kafka-junit from 3.1.0 to 3.2.2 to match the kafka-clients version.
Remove the unused httpclient dependency. This indirectly removes commons-codec 1.11, which has an Information Exposure vulnerability:
https://app.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518
Remove JUnitParams from runtime and use it for tests only. This indirectly removes junit 4.12 from runtime, which has an Information Exposure vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2020-15250
Upgrade springframework from 5.2.8.RELEASE to 5.3.22. Note that open-source Spring 5.2.* has reached its end of life and has been out of support since 2021-12-31: https://spring.io/projects/spring-framework#support
Remove the unused spring-beans 5.2.8.RELEASE dependency, which has the Spring4Shell Remote Code Execution vulnerability (FOLIO-3466):
https://nvd.nist.gov/vuln/detail/CVE-2022-22965
Issue Links
- blocks: FOLIO-3466 Spring4Shell: spring-beans RCE Vulnerability (CVE-2022-22965) (Closed)
- blocks: MODDATAIMP-731 Release v2.6.2 (R3 Nolana Bugfix) (Closed)
- defines: UXPROD-3557 NFR: Data Import Technical, NFR, & Misc work (Nolana R3 2022) (Closed)
- relates to: MODDATAIMP-732 Spring 5.2.22 fixing spring-beans Spring4Shell CVE-2022-22965 (Closed)
- to be improved by: MODDATAIMP-754 Update util dependencies (Open)