[FOLIO-1677] Security vulnerability reported in mod-codex-mock for vertx-web < 3.5.3, vertx-core < 3.5.4
Created: 29/Dec/18  Updated: 03/Jun/20  Resolved: 08/Jan/19

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task
Priority: P3
Reporter: Peter Murray
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: core, security, sprint54
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks FOLIO-1605 Fix security vulnerabilities reported... Closed
Cloners
is cloned by FOLIO-1687 Security vulnerability reported in ok... Closed
Duplicate
duplicates MODCXMOCK-18 Upgrade vertx dependency for vertx-we... Closed
duplicates OKCLI-10 Upgrade vertx dependency for vertx-we... Completed
Sprint:

Description

For https://github.com/folio-org/mod-codex-mock, GitHub reports these two security vulnerabilities in pom.xml.

Dependency: io.vertx:vertx-web with version >= 3.0.0, < 3.5.3

Proposed solution: Upgrade to ~> 3.5.3

Vulnerabilities:
CVE-2018-12540 High severity
CVE-2018-12542 Low severity

Dependency: io.vertx:vertx-core with version >= 3.0.0, < 3.5.4

Proposed solution: Upgrade to ~> 3.5.4

Vulnerabilities:
CVE-2018-12541 Low severity
CVE-2018-12537 Moderate severity



Comments
Comment by Peter Murray [ 29/Dec/18 ]

Adam Dickmeiss: In Heikki's absence, can you look at this, please?

Comment by David Crossley [ 31/Dec/18 ]

These are also noted at MODCXMOCK-18 (Closed) and OKCLI-10 (Completed).

Comment by Peter Murray [ 31/Dec/18 ]

Yes... FOLIO-1605 (Closed) is an umbrella ticket. This affected many repositories.

Comment by Peter Murray [ 08/Jan/19 ]

Duplicate of MODCXMOCK-18 (Closed)
