Issues
- UI-Quick-Marc Settings Lccn-Duplicate-Check Edit does not enable Settings moduleUIQM-763Ryan Berger
- CLONE - MARC bib > View Source > Display Version HistoryUIQM-761Resolved issue: UIQM-761Dmytro Melnyshyn
- Release ui-quick-marc v10.0.0 Sunflower Release (R1 2025)UIQM-759Resolved issue: UIQM-759Dmytro Melnyshyn
- quickMARC: Provide validation list for 008 pos 15-17 (Place of publication, production, or execution)UIQM-753Khalilah Gambrell
- migrate react-intl to v7UIQM-752Resolved issue: UIQM-752Denys Bohdan
- migrate stripes dependencies to their Sunflower versionsUIQM-751Resolved issue: UIQM-751Denys Bohdan
- Create modal to display MARC version history detailsUIQM-748Resolved issue: UIQM-748Dmytro Melnyshyn
- MARC holdings > View Source > Display Version HistoryUIQM-747Resolved issue: UIQM-747
- Create/Edit/Derive a MARC bib record > Allow a library to setup a validation rule to when a controllable field is not controlled by an authority heading.UIQM-746
- Create/Edit/Derive MARC bib/authority records: Display Field Help URLs (toggle on/off) before validation.UIQM-745
- Remove "Create a" text from the paneheader when creating new authority, bib, and holdings recordsUIQM-744
- Click "Cancel", "X", button doesn't show Unsaved changes modal when there are warn/fail errors in quickmarcUIQM-743Resolved issue: UIQM-743Dmytro Melnyshyn
- quickMARC not closing after saveUIQM-742Resolved issue: UIQM-742
- Release ui-quick-marc v8.0.2 Quesnelia (R1 2024) SP #8 ReleaseUIQM-741Resolved issue: UIQM-741Dmytro Melnyshyn
- Warn error toast with "0" count appears during create/edit MARC holdings recordUIQM-740Resolved issue: UIQM-740Denys Bohdan
- Attempt to "Edit MARC bibliographic record" and "Derive new MARC bibliographic record" via quickMarc fails with 400 response in /records-editor/recordsUIQM-739Resolved issue: UIQM-739Valery_Pilko
- CLONE for Ramsons - Unable to edit MARC bibliographic record in the member tenant despite having required permissions in the permission set.UIQM-738Resolved issue: UIQM-738
- UI width of 4th subfield in "LDR" field in "Edit MARC holdings" via "Actions" > "Edit in quickMARC" is too small to fit 10 character long valueUIQM-736Resolved issue: UIQM-736Denys Bohdan
- Add dropdown for authority source file in quickMARC for MARC authority recordsUIQM-754Resolved issue: UIQM-754Dmytro Melnyshyn
- Unable to edit MARC bibliographic record in the member tenant despite having required permissions in the permission set.UIQM-735Resolved issue: UIQM-735Dmytro Melnyshyn
- Hit "Esc" key doesn't show Unsaved changes modal when they are unsaved changes in quickmarcUIQM-732Resolved issue: UIQM-732Denys Bohdan
- Release ui-quick-marc v9.0.1 Ramsons BugFix Release (R2 2024)UIQM-731Resolved issue: UIQM-731Denys Bohdan
- Create/Edit/Derive MARC record - Retain focus when MARC record validation rules error displayUIQM-730Resolved issue: UIQM-730Denys Bohdan
- Requirements: Create authority record from bib access pointUIQM-729Resolved issue: UIQM-729Christine Schultz-Richert
- Create/Edit/Derive > Modal and focus handling when user hits Save & keep editing buttonUIQM-728Resolved issue: UIQM-728Denys Bohdan
- Wrong error message while saving MARC Bib record with invalid LDR position values.UIQM-725Resolved issue: UIQM-725Denys Bohdan
- Linked bib field controlled subfield box should honor controlled MARC authority subfield order (manual linking support)UIQM-724Resolved issue: UIQM-724Denys Bohdan
- Rename UI permissionsUIQM-723Resolved issue: UIQM-723Dmytro Melnyshyn
- Select a MARC authority record - Update auto-populate Advanced search and Browse queriesUIQM-762Denys Bohdan
- Release ui-quick-marc v9.0.0 Ramsons Release (R2 2024)UIQM-722Resolved issue: UIQM-722Denys Bohdan
- Create/Edit/Derive MARC bib > Linked bib field > Uncontrolled subfield textboxes > Allow any uncontrolled subfield to display in any of the boxesUIQM-721
- Create/Derive/Edit a MARC bib record > Uncontrolled subfields boxes - Do not group subfields (manual linking)UIQM-720Resolved issue: UIQM-720Valery_Pilko
- Create a MARC holdings record > Display a Save & keep editing buttonUIQM-719
- Create a MARC authority record > Display a Save & keep editing buttonUIQM-718Resolved issue: UIQM-718
- Create/Duplicate a FOLIO holdings record > Display a Save & keep editing buttonUIQM-717Resolved issue: UIQM-717
- Create/Derive a MARC bib + authority record > Display a Save & keep editing buttonUIQM-716Resolved issue: UIQM-716Dmytro Melnyshyn
- quickMARC: Keep the user's focus when user hits Save & keep editingUIQM-715Resolved issue: UIQM-715Dmytro Melnyshyn
- inventory API version updateUIQM-714Resolved issue: UIQM-714Dmytro Melnyshyn
- "007" MARC bib field for type "g - Projected Graphic" position 06 allows entering more than 1 characterUIQM-712Resolved issue: UIQM-712Dmytro Melnyshyn
- Show all errors triggered by dropdown positions of "008" field of MARC bibliographic record togetherUIQM-711Resolved issue: UIQM-711Dmytro Melnyshyn
- Implement inline format of error messages triggered by "007", "008" field of "MARC holdings"UIQM-710
- Duplicate LCCN checking query > Do not return instance/bib record that is set for deletionUIQM-709Resolved issue: UIQM-709Dmytro Melnyshyn
- Create/Edit/Derive/ MARC bib > 007 field for type h resources (microforms) positions 05, 06-08 only allows 3 characters in UIUIQM-708Resolved issue: UIQM-708Denys Bohdan
- upgrade `marc-records-editor` to 6.0UIQM-706Resolved issue: UIQM-706Denys Bohdan
- Validation of non-controlled subfields of linked field doesn't work when subfields are added/removed after the field has been linkedUIQM-704Resolved issue: UIQM-704Dmytro Melnyshyn
- Spitfire - migrate to shared CI workflowsUIQM-701Resolved issue: UIQM-701Dmytro Melnyshyn
- "400" error is returned from "validate" endpoint when editable positions of "006", "007" have invalid lengthUIQM-698Resolved issue: UIQM-698Denys Bohdan
- "400" error is returned from "validate" endpoint when editable positions of "008" have invalid lengthUIQM-697Resolved issue: UIQM-697Dmytro Melnyshyn
- Remove extra "$" sign from error message when user tries to add/remove $t from 1XX of linked MARC authority recordUIQM-695Resolved issue: UIQM-695Dmytro Melnyshyn
- Separate error messages triggered by controlled subfields of different linked fieldsUIQM-694Resolved issue: UIQM-694Denys Bohdan
50 of 578
Fix security vulnerabilities reported in jackson-databind >= 2.0.0, < 2.9.9.2
Done
Description
CSP Request Details
None
CSP Rejection Details
None
Potential Workaround
None
Checklist
hideTestRail: Results
Details
Details
Assignee
Hongwei Ji
Hongwei Ji
Reporter
Peter Murray
Peter Murray
Labels
Priority
TBDStory Points
0.5
Sprint
None
Development Team
Core: Platform
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created August 1, 2019 at 7:34 PM
Updated August 12, 2019 at 1:06 PM
Resolved August 2, 2019 at 4:16 PM
Activity
Show:
Hongwei Ji August 2, 2019 at 4:16 PM
Oops, I fixed it yesterday before seeing this ticket today.
Julian Ladisch August 2, 2019 at 4:13 PM
Hongwei Ji has merged the jackson-databind version bump to 2.9.9.2 to master:
https://github.com/folio-org/mod-login-saml/pull/48
We need a release of mod-login-saml if we want to deploy the fixed version.
Peter Murray August 1, 2019 at 7:36 PM
: Would you mind bumping the version here again?
Another day, another jackson-databind vulnerability?
2 com.fasterxml.jackson.core:jackson-databind vulnerabilities found in pom.xm 5 minutes ago
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.9.2 or later. For example:
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2019-14379
moderate severity
*Vulnerable versions:* < 2.9.9.2
*Patched version:* 2.9.9.2
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.
CVE-2019-14439
moderate severity
*Vulnerable versions:* < 2.9.9.2
*Patched version:* 2.9.9.2
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.