  1. mod-di-converter-storage
  2. MODDICONV-279

Spring 5.2.22 fixing vulnerabilities (Spring4Shell, etc.) MG

Details

    • Folijet Sprint 155
    • 0
    • Folijet
    • Morning Glory (R2 2022) Hot Fix #1
    • Yes
    • Spring4Shell hot fixes have been approved in #release_bug_triage on May 6th, 2022.
    • Related dependency upgrade

    Description

      For 2022 R2 Morning Glory Hot Fix:

      Upgrade Spring Framework from 5.2.8.RELEASE to 5.2.22.RELEASE.

      The Spring upgrade updates spring-beans, fixing Spring4Shell Remote Code Execution and Denial of Service (DoS):
      https://nvd.nist.gov/vuln/detail/CVE-2022-22965
      https://nvd.nist.gov/vuln/detail/CVE-2022-22970
      Learn more about Spring4Shell at FOLIO-3466.

      The Spring upgrade updates spring-context, fixing Improper Handling of Case Sensitivity:
      https://nvd.nist.gov/vuln/detail/CVE-2022-22968

      The Spring upgrade updates spring-expression, fixing Denial of Service (DoS):
      https://nvd.nist.gov/vuln/detail/CVE-2022-22950

      The Spring upgrade updates spring-core, fixing Improper Input Validation and Improper Output Neutralization for Logs:
      https://nvd.nist.gov/vuln/detail/CVE-2021-22060
      https://nvd.nist.gov/vuln/detail/CVE-2021-22096
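
One way to confirm the upgrade took effect in the resolved dependency set, as an added example (not code from this ticket or from the module): it scans `mvn dependency:list` output for the four artifacts named above and reports any still below 5.2.22.RELEASE together with the CVEs the ticket attributes to them. The sample output is constructed, the function names are illustrative, and the check assumes the build stays on the 5.2.x line.

```python
import re

# Target version and module-to-CVE mapping, copied from the ticket description.
TARGET = "5.2.22.RELEASE"
FIXES = {
    "spring-beans": ["CVE-2022-22965", "CVE-2022-22970"],
    "spring-context": ["CVE-2022-22968"],
    "spring-expression": ["CVE-2022-22950"],
    "spring-core": ["CVE-2021-22060", "CVE-2021-22096"],
}

# groupId:artifactId:type[:classifier]:version: as printed by `mvn dependency:list`.
COORD = re.compile(
    r"(?<![\w.])org\.springframework:(spring-[\w-]+):[\w-]+:(?:[\w-]+:)?(\d[\w.]*):"
)

# Constructed sample output (not taken from the module's real build).
SAMPLE = """\
[INFO]    org.springframework:spring-beans:jar:5.2.8.RELEASE:compile
[INFO]    org.springframework:spring-context:jar:5.2.22.RELEASE:compile
[INFO]    org.springframework:spring-core:jar:5.2.8.RELEASE:compile -- module spring.core [auto]
[INFO]    org.springframework:spring-jcl:jar:5.2.8.RELEASE:compile
[INFO]    io.vertx:vertx-core:jar:4.3.1:compile
"""


def numeric(version):
    """Leading dotted integers of a version: '5.2.8.RELEASE' -> (5, 2, 8)."""
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group().split("."))


def audit(dependency_list):
    """Return {artifact: (version, cves)} for ticket-listed modules below TARGET."""
    stale = {}
    for line in dependency_list.splitlines():
        m = COORD.search(line)
        if not m or m.group(1) not in FIXES:
            continue
        artifact, version = m.groups()
        # Compare numerically: as plain strings, "5.2.8" sorts above "5.2.22".
        if numeric(version) < numeric(TARGET):
            stale[artifact] = (version, FIXES[artifact])
    return stale


if __name__ == "__main__":
    for artifact, (version, cves) in audit(SAMPLE).items():
        print(f"{artifact} {version} < {TARGET}: {', '.join(cves)}")
```

A transitive dependency can still pin an older spring-* artifact after the top-level version is raised, which is why the check reads the resolved list rather than the pom.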

              People

                julianladisch Julian Ladisch