Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Spring4Shell Lotus R1 2022 (CVE-2022-22965)

Description

Upgrade spring-boot-starter-parent from 2.6.2 to >= 2.6.6 on b1.2 branch; or explain why edge-caiasoft is not affected by Spring4Shell. See FOLIO-3466

If master and b1.2 branch are the same then this issue and EDGCSOFT-35 are the same and one of them can be closed as duplicate.

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Attachments

2
  • 08 Apr 2022, 12:24 PM
  • 08 Apr 2022, 08:00 AM

Checklist

hide

TestRail: Results

Activity

Show:

Oleksandr Bozhko April 8, 2022 at 12:25 PM

This story can be closed as done.

Oleksandr Bozhko April 8, 2022 at 12:24 PM

This story was verified on snaphot:

 

Aliaksei Harbuz April 8, 2022 at 8:00 AM

After upgrade the spring-boot-start-parent to 2.6.6 API Karate tests run successfully for edge caiasoft module:

Aliaksei Harbuz April 6, 2022 at 9:05 AM
Edited

, need to migrate folio-spring-base to spring-boot-starter-parent from 2.6.2 to >= 2.6.6 as edge caiasoft module uses it as dependency.

Done

Details

Assignee

Reporter

Priority

Story Points

Sprint

Development Team

Firebird

Fix versions

Release

Lotus (R1 2022) Bug Fix

RCA Group

TBD

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created April 1, 2022 at 11:50 AM
Updated April 8, 2022 at 8:10 PM
Resolved April 8, 2022 at 12:25 PM
TestRail: Cases
TestRail: Runs

Flag notifications