Batch Importer (Bib/Acq)
(UXPROD-47)
|
|
| Status: | Closed |
| Project: | isbn-util |
| Components: | None |
| Affects versions: | None |
| Fix versions: | 1.4.0 | Parent: | Batch Importer (Bib/Acq) |
| Type: | Bug | Priority: | P2 |
| Reporter: | Julian Ladisch | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | security, security-reviewed | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||||||||||
| Sprint: | Folijet Sprint 139 | ||||||||||||||||
| Story Points: | 1 | ||||||||||||||||
| Development Team: | Folijet | ||||||||||||||||
| Release: | Morning Glory (R2 2022) | ||||||||||||||||
| Epic Link: | Batch Importer (Bib/Acq) | ||||||||||||||||
| RCA Group: | Related dependency upgrade | ||||||||||||||||
| Description |
|
Upgrade commons-validator from 1.6 to 1.7. This indirectly upgrades commons-beanutils from 1.9.2 to 1.9.4 fixing Deserialization of Untrusted Data: https://nvd.nist.gov/vuln/detail/CVE-2019-10086 |
| Comments |
| Comment by Julian Ladisch [ 02/May/22 ] |
|
@ Folijet: Please code review and merge https://github.com/folio-org/folio-isbn-util/pull/19 . I don't have write permission for this repository. |
| Comment by Ann-Marie Breaux (Inactive) [ 10/May/22 ] |
|
Aliaksandr Fedasiuk Serhii_Nosko Please see Julian's comment above. Can we include in the current sprint, or do we need to wait until next sprint? Also, which RCA Group should be assigned? Thank you! |
| Comment by Aliaksandr Fedasiuk [ 11/May/22 ] |
|
Hi Julian Ladisch, your PR was approved and merged. |
| Comment by Aliaksandr Fedasiuk [ 11/May/22 ] |
|
Hi Ann-Marie Breaux, after releasing folio-isbn-util we should update used version of this package in mod-inventory. We need a task to release folio-isbn-util. |
| Comment by Julian Ladisch [ 11/May/22 ] |
|
Thanks! |
| Comment by Julian Ladisch [ 11/May/22 ] |
|
Release task created:
|
| Comment by Ann-Marie Breaux (Inactive) [ 16/May/22 ] |
|
Hi Aliaksandr Fedasiuk and Julian Ladisch This is for Morning Glory, right? I'll update the release fields and features and such. Even if we need to release sooner than the Morning Glory general releases, we don't have to release for a Kiwi or Lotus Hotfix, do we? |
| Comment by Aliaksandr Fedasiuk [ 16/May/22 ] |
|
Hi Ann-Marie Breaux, you are right. We may release it earlier than the general Morning Glory releases, but we don't need it for Kiwi and Lotus Hotfix. |