Upgrade aws-sdk-java, minio, netty, jackson-databind fixing vulns

Description

Upgrade aws-sdk-java from 2.17.267 to 2.19.1. This indirectly upgrades Netty from 4.1.77.Final to 4.1.86.Final fixing HTTP Response Splitting: https://nvd.nist.gov/vuln/detail/CVE-2022-41915

Upgrade minio from 8.4.5 to 8.4.6. This indirectly upgrades jackson-databind from 2.13.2.2 to 2.13.4.2 fixing Denial of Service (DoS): https://nvd.nist.gov/vuln/detail/CVE-2022-42003, https://nvd.nist.gov/vuln/detail/CVE-2022-42004

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None


Activity


Julian Ladisch January 14, 2023 at 5:09 PM
Edited

Can you code review the pull request https://github.com/folio-org/folio-s3-client/pull/3 to get the security vulnerabilities fixed?

Done

Details

Assignee

Reporter

Priority

Story Points

Development Team

Firebird

Fix versions

RCA Group

Related dependency upgrade


Created December 22, 2022 at 6:39 PM
Updated February 22, 2023 at 1:21 PM
Resolved February 8, 2023 at 3:16 PM