Upgrade netty, postgresql, opencsv fixing vulns

Description

Upgrade netty from 4.1.82.Final to 4.1.86.Final fixing HTTP Response Splitting:

https://nvd.nist.gov/vuln/detail/CVE-2022-41915

Upgrade opencsv from 5.7.0 to 5.7.1.

The opencsv upgrade indirectly upgrades commons-text from 1.9 to 1.10.0. The opencsv dependency is moved before the commons-configuration2 dependency, which would otherwise enforce commons-text 1.9.

The commons-text upgrade fixes Arbitrary Code Execution:

https://nvd.nist.gov/vuln/detail/CVE-2022-42889
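Why the declaration order matters, as an added example that is not part of the ticket or the project's code: a simplified Python model of Maven-style dependency mediation (nearest declaration wins, first declaration wins at equal depth), assuming the build uses Maven. The graph contains only the two transitive edges the description names, the commons-configuration2 version is a placeholder because the page does not give it, and all function names are hypothetical.

```python
from collections import deque

# Constructed, simplified graph: only the transitive edges named in the ticket.
# Real POMs carry more dependencies; commons-configuration2's own version is
# not given on the page, so a placeholder is used below.
TRANSITIVE = {
    "opencsv": [("commons-text", "1.10.0")],
    "commons-configuration2": [("commons-text", "1.9")],
}
FIXED_COMMONS_TEXT = "1.10.0"  # version the ticket says fixes CVE-2022-42889


def mediate(direct):
    """Maven-style mediation: nearest declaration wins; at equal depth the
    first declaration wins. A FIFO breadth-first walk gives both properties."""
    resolved = {}
    queue = deque(direct)
    while queue:
        name, version = queue.popleft()
        if name in resolved:
            continue  # a nearer or earlier declaration already fixed the version
        resolved[name] = version
        queue.extend(TRANSITIVE.get(name, []))
    return resolved


def version_key(version):
    """Compare numerically: as plain strings, "1.9" sorts after "1.10.0"."""
    return tuple(int(part) for part in version.split("."))


def commons_text_is_fixed(direct):
    """True when the mediated commons-text is absent or at/above the fix."""
    resolved = mediate(direct).get("commons-text")
    if resolved is None:
        return True  # not on the classpath at all
    return version_key(resolved) >= version_key(FIXED_COMMONS_TEXT)


# Declaration order before and after the change described in the ticket.
BEFORE = [("commons-configuration2", "PLACEHOLDER"), ("opencsv", "5.7.1")]
AFTER = [("opencsv", "5.7.1"), ("commons-configuration2", "PLACEHOLDER")]

if __name__ == "__main__":
    for label, order in (("before", BEFORE), ("after", AFTER)):
        print(label, mediate(order)["commons-text"], commons_text_is_fixed(order))
```

On the real build, `mvn dependency:tree -Dincludes=org.apache.commons:commons-text` shows which version mediation actually selected. Pinning commons-text in `dependencyManagement` removes the dependence on declaration order.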

Upgrading postgresql from 42.5.0 to 42.5.1 fixes Information Exposure:

https://nvd.nist.gov/vuln/detail/CVE-2022-41946 

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Done

Details

Development Team

Spitfire

Release

Orchid (R1 2023)

RCA Group

Related dependency upgrade

Created December 21, 2022 at 6:53 PM
Updated March 22, 2023 at 1:13 PM
Resolved January 3, 2023 at 2:07 PM