aws-java-sdk-ssm 1.12.729 removing ion-java CVE-2024-21634

Description

Upgrade aws-java-sdk-ssm from 1.12.540 to 1.12.729. This removes the vulnerable dependency ion-java that has an out-of-memory (OoM) vulnerability:

https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Activity

Julian Ladisch June 5, 2024 at 5:03 PM

edge-rtac 2.7.2 indeed has aws-java-sdk-ssm 1.12.729: https://github.com/folio-org/edge-rtac/blob/v2.7.2/pom.xml#L126

Denis May 31, 2024 at 7:59 AM

Hello
could you please test/verify the changes on Q Bugfest? The edge-rtac 2.7.2 was deployed by Kitfox. Thank you
cc

Done

Details

Assignee

Reporter

Tester Assignee

Labels

Priority

Development Team

Dreamliner

Fix versions

Release

Quesnelia (R1 2024) Bug Fix

RCA Group

Related dependency upgrade

Created May 25, 2024 at 1:32 PM
Updated June 5, 2024 at 5:03 PM
Resolved May 27, 2024 at 8:48 AM