Done
Details
Assignee
Viachaslau Khandramai
Reporter
Julian Ladisch
Priority
Story Points
1
Sprint
None
Development Team
Firebird
Fix versions
Release
Ramsons (R2 2024) Bug Fix
RCA Group
TBD
Created December 10, 2024 at 5:57 PM
Updated January 9, 2025 at 4:25 PM
Resolved December 12, 2024 at 12:37 PM

Upgrade Spring Boot from Quesnelia version 3.2.10 to Ramsons version 3.3.6.
This fixes these security vulnerabilities:
https://www.cve.org/CVERecord?id=CVE-2024-38827 spring-security-core Authorization Bypass
https://www.cve.org/CVERecord?id=CVE-2024-38827 spring-security-crypto Authorization Bypass

Upgrade kafka from 3.6.2 to 3.8.0 and spring-kafka from 3.1.9 to 3.3.0.
This fixes these security vulnerabilities:
https://www.cve.org/CVERecord?id=CVE-2024-31141 kafka-clients Files or Directories Accessible to External Parties

Upgrade folio-spring-base from 8.2.1 to 8.2.2 fixing these security vulnerabilities:
https://www.cve.org/CVERecord?id=CVE-2024-47535 netty-common Denial of Service (DoS)
https://www.cve.org/CVERecord?id=CVE-2024-52317 tomcat-embed-core Inadequate Encryption Strength
https://www.cve.org/CVERecord?id=CVE-2024-38820 spring-* Improper Handling of Case Sensitivity