[MODLOGSAML-129] Netty 4.1.72, Log4j 2.17.0, Vert.x 4.2.3, RMB 33.2.3 - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Done
Affects Version/s: 2.3.1
Fix Version/s: 2.3.2, 2.4.0
Labels:
- security

Template:

Standard Bug Write-Up Format
Sprint:
CP: sprint 130
Story Points:
1
Development Team:
Core: Platform

Description

The Netty upgrade fixes HTTP request header smuggling: https://nvd.nist.gov/vuln/detail/CVE-2021-43797

Netty is indirectly upgraded via Vert.x upgrade.

Log4j is indirectly upgraded via RMB upgrade.

TestRail: Results

Attachments

Activity

People

Assignee:: Julian Ladisch

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Dec/21 9:02 PM

Updated:: 10/Jan/22 4:32 PM

Resolved:: 22/Dec/21 1:40 AM

TestRail: Runs

TestRail: Cases