[MODSOURMAN-651] cql2pgjson, Vertx 4.2.2, JUnit 4.13.2 - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: P3
Resolution: Done
Affects Version/s: None
Fix Version/s: 3.3.0
Labels:

Template:
Sprint:
Folijet Sprint 129
Story Points:
0
Development Team:
Folijet
Release:
Lotus R1 2022
Epic Link:
Batch Importer (Bib/Acq)
RCA Group:
Third party component integration

Description

Remove cql2pgjson dependency.

Update Vert.x from 4.2.1 to 4.2.2.

Update JUnit from 4.13 to 4.13.2.

This fixes these vulnerabilities:

cql2pgjson: "MITM attack http maven repository" ~~RMB-823~~ https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291

Vert.x/Netty: "HTTP request smuggling" https://nvd.nist.gov/vuln/detail/CVE-2021-43797

JUnit: "TemporaryFolder local information disclosure" https://nvd.nist.gov/vuln/detail/CVE-2020-15250

TestRail: Results

Attachments

Issue Links

blocks

MODDICORE-227 GitHub Actions verifying -SNAPSHOT dependants

Closed

defines

FOLIO-3045 Replace http by https in http://maven.indexdata.com/ in pom.xml files

Closed

UXPROD-3262 NFR: Data Import R1 2022 Lotus Technical, NFR, & Misc work

Closed

relates to

RMB-823 Update maven.indexdata.com url

Closed

Activity

People

Assignee:: Julian Ladisch

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Dec/21 4:39 PM

Updated:: 03/Mar/22 7:36 PM

Resolved:: 17/Dec/21 1:32 PM

cql2pgjson, Vertx 4.2.2, JUnit 4.13.2