Done
Details
Assignee: Unassigned
Reporter: Julian Ladisch
Priority: P2
Development Team: Volaris
Release: Quesnelia (R1 2024) Service Patch #1
RCA Group: Related dependency upgrade
CSP Approved: Yes
Created June 6, 2024 at 6:21 PM
Updated October 31, 2024 at 7:38 AM
Resolved June 25, 2024 at 2:59 PM
Upgrade edge-common-spring from 2.4.3 to 2.4.4.
Upgrade Spring Boot from 3.2.3 to 3.2.6.
The Spring Boot upgrade indirectly upgrades spring-web from 6.1.4 to 6.1.8 fixing UriComponentsBuilder Open Redirect:
https://spring.io/security/cve-2024-22259
https://spring.io/security/cve-2024-22262
The Spring Boot upgrade indirectly upgrades netty-codec-http from 4.1.107.Final to 4.1.110.Final fixing form POST OOM:
https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v = CVE-2024-29025