Batch Importer (Bib/Acq) (UXPROD-47)

[LIQUTIL-28] Liquibase 4.16.1 fixing snakeyaml vulnerabilities
Created: 27/Sep/22  Updated: 29/Sep/22  Resolved: 29/Sep/22

Status: Closed
Project: liquibase-util
Components: None
Affects versions: 1.5.1
Fix versions: 1.5.2
Parent: Batch Importer (Bib/Acq)

Type: Bug
Priority: P2
Reporter: Julian Ladisch
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Defines
defines UXPROD-3557 NFR: Data Import Technical, NFR, & Mi... Closed
Sprint:
Development Team: Folijet
Release: Nolana (R3 2022)
Epic Link: Batch Importer (Bib/Acq)
RCA Group: Related dependency upgrade

 Description   

Upgrade liquibase from 4.15.0 to 4.16.1.

This indirectly upgrades snakeyaml from 1.27 to 1.31, fixing Denial of Service (DoS) and Stack-based Buffer Overflow vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2022-25857, https://nvd.nist.gov/vuln/detail/CVE-2022-38749, https://nvd.nist.gov/vuln/detail/CVE-2022-38751, https://nvd.nist.gov/vuln/detail/CVE-2022-38750, https://nvd.nist.gov/vuln/detail/CVE-2022-38752



 Comments   
Comment by Ann-Marie Breaux (Inactive) [ 28/Sep/22 ]

Hi Kateryna Senchenko, looks like Julian raised this PR, plus 2 others. Please review and confirm about merging. Thank you!

cc: Ivan Kryzhanovskyi
