  1. mod-data-import
  2. MODDATAIMP-730

Spring 5.3, kafkaclients 3.2.3, folio-di-support 1.7.0


Details

    • Folijet Sprint 152
    • 0
    • Folijet
    • Nolana (R3 2022) Bug Fix
    • Related dependency upgrade

    Description

      Upgrade kafkaclients from 3.1.0 to 3.2.3 fixing Memory Allocation with Excessive Size Value:
      https://nvd.nist.gov/vuln/detail/CVE-2022-34917

      Upgrade kafka-junit from 3.1.0 to 3.2.2 to match the kafkaclients version.

      Remove unused httpclient. This indirectly removes commons-codec 1.11 that has an Information Exposure vulnerability:
      https://app.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518

      Remove JUnitParams from runtime, use for test only. This indirectly removes junit 4.12 from runtime that has an Information Exposure vulnerability:
      https://nvd.nist.gov/vuln/detail/CVE-2020-15250

      Upgrade springframework from 5.2.8.RELEASE to 5.3.22. Note that open source spring 5.2.* has reached its end of life and has been out of support since 2021-12-31: https://spring.io/projects/spring-framework#support

      Remove unused spring-beans 5.2.8.RELEASE dependency that has the Spring4Shell Remote Code Execution vulnerability (FOLIO-3466):
      https://nvd.nist.gov/vuln/detail/CVE-2022-22965
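
A check for the changes listed above, as an added example that is not part of the ticket or the project's code: it parses `mvn dependency:tree` output (assuming a Maven build) and reports the versions the ticket removes or upgrades when they still appear in a shipped scope (compile or runtime). The Maven coordinates and both sample trees are constructed assumptions.

```python
import re

# Versions the ticket upgrades away from or removes. The Maven coordinates are
# the usual Maven Central ones (assumed; the ticket names only the libraries).
FLAGGED = {
    "org.apache.kafka:kafka-clients": ("3.1.0", "CVE-2022-34917"),
    "commons-codec:commons-codec": ("1.11", "SNYK-JAVA-COMMONSCODEC-561518"),
    "junit:junit": ("4.12", "CVE-2020-15250"),
    "org.springframework:spring-beans": ("5.2.8.RELEASE", "CVE-2022-22965"),
}
SHIPPED_SCOPES = {"compile", "runtime"}  # test-scoped jars are not shipped
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){4,5}")  # g:a:type[:classifier]:version:scope

# Constructed `mvn dependency:tree` output (all versions and coordinates are samples).
BEFORE = r"""
[INFO] org.folio:mod-data-import:jar:0.0.0-SAMPLE
[INFO] +- org.apache.kafka:kafka-clients:jar:3.1.0:compile
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  \- commons-codec:commons-codec:jar:1.11:compile
[INFO] +- pl.pragmatists:JUnitParams:jar:1.1.1:compile
[INFO] |  \- junit:junit:jar:4.12:compile
[INFO] \- org.springframework:spring-beans:jar:5.2.8.RELEASE:compile
"""
AFTER = r"""
[INFO] +- org.apache.kafka:kafka-clients:jar:3.2.3:compile
[INFO] +- org.springframework:spring-context:jar:5.3.22:compile
[INFO] \- pl.pragmatists:JUnitParams:jar:1.1.1:test
[INFO]    \- junit:junit:jar:4.12:test
"""

def parse_tree(text):
    """Yield (group:artifact, version, scope) for each dependency line."""
    for line in text.splitlines():
        m = COORD.search(line)
        if m:  # the root artifact line and log noise do not match
            parts = m.group(0).split(":")
            yield f"{parts[0]}:{parts[1]}", parts[-2], parts[-1]

def audit(text):
    """Return (coordinate, version, reason) for flagged deps in shipped scopes."""
    findings = []
    for ga, version, scope in parse_tree(text):
        if scope not in SHIPPED_SCOPES:
            continue
        if ga in FLAGGED and version == FLAGGED[ga][0]:
            findings.append((ga, version, FLAGGED[ga][1]))
        elif ga.startswith("org.springframework:") and version.startswith("5.2."):
            findings.append((ga, version, "Spring 5.2.* end of life"))
    return findings
```

`audit(BEFORE)` reports the four artifacts the ticket targets, and `audit(AFTER)` is empty because junit 4.12 remains only in test scope.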

              People

                julianladisch Julian Ladisch