[MODDICONV-241] Update dependencies fixing CVE-2020-36518, CVE-2021-43797 - Lotus BF - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: P3
Resolution: Done
Affects Version/s: None
Fix Version/s: 1.13.3
Labels:
- back-end
- bug
- data-import
- epam-folijet
- security

Template:
Sprint:
Folijet Sprint 136
Story Points:
0
Development Team:
Folijet
Release:
Lotus (R1 2022) Bug Fix
Epic Link:
Batch Importer (Bib/Acq)
RCA Group:
Related dependency upgrade

Description

Update RMB from 33.2.2 to 33.2.8.

The RMB update indirectly updates jackson-databind from 2.11.4 to 2.13.2.1 fixing https://nvd.nist.gov/vuln/detail/CVE-2020-36518

Update Vert.x from 4.2.1 to 4.2.6.

The Vert.x update indirectly updates Netty from 4.1.69.Final to 4.1.74.Final fixing https://nvd.nist.gov/vuln/detail/CVE-2021-43797

Update log4j from 2.17.0 to 2.17.2 fixing https://nvd.nist.gov/vuln/detail/CVE-2021-44832

Update junit from 4.13 to 4.13.2 fixing https://nvd.nist.gov/vuln/detail/CVE-2020-15250

Update wiremock from 2.19.0 to 2.32.0.

Update mockito from 3.5.13 to 4.4.0.

Update rest-assured from 4.3.3 to 4.5.1.

Update testcontainers from 1.15.3 to 1.16.3.

TestRail: Results

Attachments

Issue Links

blocks

MODDICONV-242 Release v1.13.3 (R1 Lotus Bugfix)

Closed

defines

UXPROD-3463 NFR: Data Import R1 2022 Lotus Support Bug Work

Closed

is cloned by

MODDICONV-243 Update dependencies fixing CVE-2020-36518, CVE-2021-43797 - Morning Glory

Closed

Activity

People

Assignee:: Julian Ladisch

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/Mar/22 4:30 PM

Updated:: 19/Apr/22 7:13 AM

Resolved:: 03/Apr/22 8:36 PM

Update dependencies fixing CVE-2020-36518, CVE-2021-43797 - Lotus BF