Done
Details
Assignee: Unassigned
Reporter: Julian Ladisch
Priority: TBD
Development Team: Firebird
Fix versions:
Release: Nolana (R3 2022) Bug Fix
RCA Group: Related dependency upgrade
Affected releases: Nolana (R3 2022)
Created November 14, 2022 at 10:24 PM
Updated February 22, 2023 at 12:29 PM
Resolved December 1, 2022 at 2:58 PM
Upgrade Jackson from 2.12.0 to 2.14.0 fixing Denial of Service (DoS):
https://nvd.nist.gov/vuln/detail/CVE-2020-36518
https://nvd.nist.gov/vuln/detail/CVE-2022-42003
https://nvd.nist.gov/vuln/detail/CVE-2022-42004
https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698
Upgrade log4j from 2.16.0 to 2.19.0 fixing Denial of Service (DoS) and Arbitrary Code Execution:
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
https://nvd.nist.gov/vuln/detail/CVE-2021-44832
Upgrade commons-io from 2.6 to 2.11.0 fixing Directory Traversal:
https://nvd.nist.gov/vuln/detail/CVE-2021-29425
Upgrade json-path from 2.4.0 to 2.7.0. This indirectly upgrades json-smart from 2.3 to 2.4.7 fixing Denial of Service (DoS):
https://nvd.nist.gov/vuln/detail/CVE-2021-27568
https://nvd.nist.gov/vuln/detail/CVE-2021-31684