Batch Importer (Bib/Acq) (UXPROD-47)

[LIQUTIL-19] Update dependencies fixing CVE-2020-36518, CVE-2022-0839
Created: 28/Mar/22
Updated: 04/Apr/23
Resolved: 29/Mar/22

Status: Closed
Project: liquibase-util
Components: None
Affects versions: None
Fix versions: 1.4.1
Parent: Batch Importer (Bib/Acq)

Type: Bug
Priority: TBD
Reporter: Julian Ladisch
Assignee: Julian Ladisch
Resolution: Done
Votes: 0
Labels: data-import, epam-folijet, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks LIQUTIL-20 Release v1.4.1 (Lotus bugfix) Closed
blocks MODPUBSUB-231 Update dependencies fixing CVE-2022-0... Closed
Defines
defines UXPROD-3262 NFR: Data Import R1 2022 Lotus Techni... Closed
Relates
relates to LIQUTIL-21 No suitable driver found for jdbc:pos... Closed
Sprint: Folijet Sprint 136
Story Points: 0
Development Team: Folijet
Release: Lotus (R1 2022) Bug Fix
Epic Link: Batch Importer (Bib/Acq)
RCA Group: Related dependency upgrade

Description

Update liquibase-core from 4.7.1 to 4.9.0 fixing https://nvd.nist.gov/vuln/detail/CVE-2022-0839

Update Vert.x from 4.2.4 to 4.2.6.

Update RMB from 33.2.5 to 33.2.8. This updates jackson-databind from 2.13.1 to 2.13.2.1 fixing https://nvd.nist.gov/vuln/detail/CVE-2020-36518



Comments
Comment by Julian Ladisch [ 28/Mar/22 ]

@ Folijet: Please code review the pull request: https://github.com/folio-org/folio-liquibase-util/pull/18 . And merge it and release folio-liquibase-util v1.4.1. I don't have write permission for this repository.

Thanks!

Comment by Kateryna Senchenko [ 29/Mar/22 ]

Thank you Julian Ladisch, PR is merged, we'll release the fix later today

Generated at Thu Feb 08 22:13:35 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.