Uploaded image for project: 'mod-inventory'
  1. mod-inventory
  2. MODINV-732

PostgreSQL 42.5.0, jackson-databind 2.13.2.1, Vert.x 4.3.3

    XMLWordPrintable

Details

    • CP: Sprint 147, CP: Sprint 148
    • 1
    • Core: Platform
    • Morning Glory (R2 2022) Bug Fix
    • Related dependency upgrade

    Description

      Upgrade postgresql from 42.3.3 to 42.5.0 fixing SQL Injection https://nvd.nist.gov/vuln/detail/CVE-2022-31197

      Upgrade mod-source-record-storage-client from 5.3.0 to 5.4.1, this upgrades jackson-databind from 2.13.1 to 2.13.2.1 fixing Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2020-36518

      Upgrade Vert.x from 4.2.6 to 4.3.3, this upgrades vertx-kafka-client from 4.2.6 to 4.3.3, this upgrades jackson-databind from 2.13.1 to 2.13.2.20220324 fixing Denial of Service (DoS) https://nvd.nist.gov/vuln/detail/CVE-2020-36518

      TestRail: Results

        Attachments

          Issue Links

            has to be done before

            Task - A task that needs to be done. MODINV-738 Release mod-inventory 18.2.2 for MG bugfix

            • TBD - To be determined
            • Closed
            is blocked by

            Task - A task that needs to be done. MODSOURCE-532 Release v5.4.1 (R2 MG bugfix)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                julianladisch Julian Ladisch
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases