Spring Boot 3.3.5, folio-spring-base 8.2.1 fixing vulns

Description

Upgrade Spring Boot from 3.3.4 to 3.3.5 and upgrade folio-spring-base from 8.2.0 to 8.2.1.

This fixes a tomcat-embed-core vulnerability (request/response mix-up between users): https://nvd.nist.gov/vuln/detail/CVE-2024-52317

The fix has been merged to the master branch: https://github.com/folio-org/mod-okapi-facade/pull/31

The fix needs to be back-ported to the Ramsons branch b2.0.

Environment

None

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Estimation Notes and Assumptions

None

RCA Group Details

None

Checklist


Activity


Denis December 30, 2024 at 4:24 PM
Edited

mod-okapi-facade-2.0.2 was deployed to the Eureka Ramsons bf env. Moved status to ‘In Bugfix Review’ from status ‘Awaiting deployment’. Please proceed with the verification.

cc

Done

Details

Assignee

Reporter

Development Team

Eureka

Release

Ramsons (R2 2024) Bug Fix

RCA Group

Related dependency upgrade

Story Points

Sprint

Fix versions

Affects versions

Priority

Created December 17, 2024 at 10:33 PM
Updated February 26, 2025 at 11:40 AM
Resolved December 19, 2024 at 5:32 PM