Batch Importer (Bib/Acq)
(UXPROD-47)
| Status: | Closed |
| Project: | liquibase-util |
| Components: | None |
| Affects versions: | 1.5.1 |
| Fix versions: | 1.5.2 | Parent: | Batch Importer (Bib/Acq) |
| Type: | Bug | Priority: | P2 |
| Reporter: | Julian Ladisch | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | security, security-reviewed |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: | |
| Sprint: | |
| Development Team: | Folijet |
| Release: | Nolana (R3 2022) |
| Epic Link: | Batch Importer (Bib/Acq) |
| RCA Group: | Related dependency upgrade |
| Description |

Upgrade liquibase from 4.15.0 to 4.16.1. This indirectly upgrades snakeyaml from 1.27 to 1.31, fixing Denial of Service (DoS) and Stack-based Buffer Overflow vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2022-25857, https://nvd.nist.gov/vuln/detail/CVE-2022-38749, https://nvd.nist.gov/vuln/detail/CVE-2022-38751, https://nvd.nist.gov/vuln/detail/CVE-2022-38750, https://nvd.nist.gov/vuln/detail/CVE-2022-38752

| Comments |
| Comment by Ann-Marie Breaux (Inactive) [ 28/Sep/22 ] |

Hi Kateryna Senchenko, looks like Julian raised this PR, plus 2 others. Please review and confirm about merging. Thank you!