[MODINVUP-26] Update Netty, Vert.x, log4j, drop RMB (CVE-2021-43797, ...) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: P2
Resolution: Done
Affects Version/s: None
Fix Version/s: 2.0.0
Labels:
- security
- security-reviewed

Template:
Development Team:
Sif
RCA Group:
TBD

Description

Update log4j from both 1.2.17 and 2.13.3 to 2.17.1 fixing

Update Vert.x from 4.0.0 to 4.2.4, this updates Netty and jackson-databind.

Indirectly update Netty from 4.1.42 to 4.1.73 fixing:

Indirectly update jackson-databind from 2.10.2 to 2.13.1 fixing

https://nvd.nist.gov/vuln/detail/CVE-2020-25649

Update okapi-common from 3.1.3 to 4.12.0.
Remove raml-module-builder (RMB) reducing
the fat jar size from 49 MB to 9 MB and
the Docker image size from 225 MB to 184MB.

Update junit from 4.12 to 4.13.2 fixing

https://nvd.nist.gov/vuln/detail/CVE-2020-15250

Update rest-assured from 2.8.0 to 4.5.0.

TestRail: Results

Attachments

Activity

People

Assignee:: Niels Erik Gilvad Nielsen

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Feb/22 9:42 PM

Updated:: 17/Feb/22 5:27 PM

Resolved:: 17/Feb/22 5:13 PM

Update Netty, Vert.x, log4j, drop RMB (CVE-2021-43797, ...)