Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Vert.x 4.4.6, log4j 2.20.0, jackson 2.15.0, Netty 4.1.100

Description

Upgrade Vert.x from 4.3.8 to the Poppy version 4.4.6.

Upgrade log4j from 2.17.* to 2.20.0 to use a version that is compatible with Vert.x.

Upgrading Vert.x indirectly upgrades jackson-core from 2.14.0 to 2.15.0 fixing Jackson Number Parse DoS (RISMA-2023-0067): https://github.com/FasterXML/jackson-core/pull/827

Upgrading Vert.x indirectly upgrades Netty from 4.1.87.Final to 4.1.100.Final fixing HTTP/2 DoS: https://nvd.nist.gov/vuln/detail/CVE-2023-44487

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Attachments

1

Checklist

hide

TestRail: Results

Activity

Show:

Charlotte Whitt December 14, 2023 at 4:38 PM

Awesome - thanks and - I'll close the ticket as Done

Julian Ladisch December 14, 2023 at 4:13 PM

edge-connexion 1.1.1 has been deployed to https://bugfest-poppy.int.aws.folio.org/settings/about

Thanks!

Charlotte Whitt December 13, 2023 at 10:12 AM
Edited

Hi - I notice that Vert.x 4.4.6, log4j 2.20.0, jackson 2.15.0, Netty 4.1.100 - has not been deployed to Bugfest Poppy on Monday, as you had talked with about on Friday.

Please proceed with the deployment, while this fix has been identified as important by the Security team, and we need to get it in for Poppy Bugfix. Thanks

CC:

Charlotte Whitt December 8, 2023 at 11:00 AM

- this work is now fixed and the module release yesterday evening. Please proceed with the deployment into Bugfest Poppy environment.

Charlotte Whitt December 7, 2023 at 7:26 PM
Edited

- this ticket was Code reviewed two days ago, and will now release the code. Then we will get it in for Poppy Bugfix release.

Let me know if you have any questions.

Done

Details

Assignee

Reporter

Labels

Priority

Sprint

Development Team

Thor

Fix versions

Release

Poppy (R2 2023) Bug Fix

RCA Group

Related dependency upgrade

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created November 23, 2023 at 4:49 PM
Updated December 14, 2023 at 4:38 PM
Resolved December 7, 2023 at 7:21 PM
TestRail: Cases
TestRail: Runs