<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:19:03 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2213] In folio-install kubernetes-rancher: Fix security vulnerability for js-yaml and various lodash</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2213</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;For a couple of months there are security alerts reported for the demonstration &quot;alternative-install/kubernetes-rancher&quot;&lt;/p&gt;

&lt;p&gt;(Not a good presentation for the general folio-install documentation.)&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ade4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; class=&quot;user-hover&quot; rel=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; data-account-id=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; accountid=&quot;557058:de4eac47-6d4e-4b50-9c3c-4a82ed705e52&quot; rel=&quot;noreferrer&quot;&gt;Taras Spashchenko&lt;/a&gt; Would you please investigate. Their detail should be visible to you there.&lt;/p&gt;</description>
                <environment></environment>
        <key id="81288">FOLIO-2213</key>
            <summary>In folio-install kubernetes-rancher: Fix security vulnerability for js-yaml and various lodash</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</assignee>
                                                                <reporter accountid="61cd0ca0bce5e00069e98be7">David Crossley</reporter>
                                    <labels>
                            <label>keep-bug</label>
                            <label>platform-backlog</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Wed, 14 Aug 2019 06:52:51 +0000</created>
                <updated>Mon, 8 Nov 2021 21:32:05 +0000</updated>
                            <resolved>Mon, 8 Nov 2021 21:32:05 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>7</watches>
                                                                <comments>
                                                            <comment id="192749" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Wed, 7 Oct 2020 19:45:36 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=61cd0ca0bce5e00069e98be7&quot; class=&quot;user-hover&quot; rel=&quot;61cd0ca0bce5e00069e98be7&quot; data-account-id=&quot;61cd0ca0bce5e00069e98be7&quot; accountid=&quot;61cd0ca0bce5e00069e98be7&quot; rel=&quot;noreferrer&quot;&gt;David Crossley&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f8314dfbdef80006f6f572d&quot; class=&quot;user-hover&quot; rel=&quot;5f8314dfbdef80006f6f572d&quot; data-account-id=&quot;5f8314dfbdef80006f6f572d&quot; accountid=&quot;5f8314dfbdef80006f6f572d&quot; rel=&quot;noreferrer&quot;&gt;Adam Dickmeiss&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt; Closing because it&apos;s old, please re-open if still relevant.&lt;/p&gt;</comment>
                                                            <comment id="192752" author="5ee89462f7aa140abd82d11d" created="Thu, 8 Oct 2020 12:25:35 +0000"  >&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/folio-install/pull/49/files&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-install/pull/49/files&lt;/a&gt; removed yarn.lock. This makes the GitHub security warning disappear.&lt;br/&gt;
However, the vulnerable libraries are still being used by the code. The issues are not resolved and are still reported by other security scanners like &lt;a href=&quot;https://jeremylong.github.io/DependencyCheck/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://jeremylong.github.io/DependencyCheck/&lt;/a&gt; .&lt;br/&gt;
I propose to delete the &lt;a href=&quot;https://github.com/folio-org/folio-install/tree/master/alternative-install/kubernetes-rancher/EBSCO&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-install/tree/master/alternative-install/kubernetes-rancher/EBSCO&lt;/a&gt; directory from master. It is outdated (last change 16 months ago) and cannot been used any longer. It will remain in the git history.&lt;/p&gt;</comment>
                                                            <comment id="192756" author="5cf6c546b87c300f36eb7b9a" created="Fri, 16 Jul 2021 15:28:30 +0000"  >&lt;p&gt;From the security team:  Let&apos;s proceed with &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt;&apos;s proposal and remove this outdated directory.  If needed it will continue to live on in git history.&lt;/p&gt;</comment>
                                                            <comment id="192760" author="557058:c4306e07-a760-40bc-81e1-af8498c1bcd2" created="Thu, 30 Sep 2021 14:15:33 +0000"  >&lt;p&gt;The directory you deleted is still being referenced here [Kubernetes example | FOLIO Documentation|&lt;a href=&quot;https://docs.folio.org/docs/getting-started/installation/kubernetesex/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://docs.folio.org/docs/getting-started/installation/kubernetesex/&lt;/a&gt;-]&#160;Build the job image&lt;/p&gt;</comment>
                                                            <comment id="192766" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Thu, 28 Oct 2021 15:29:59 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt; can this be closed? Also, do we know who should update the docs linked to by &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ac4306e07-a760-40bc-81e1-af8498c1bcd2&quot; class=&quot;user-hover&quot; rel=&quot;557058:c4306e07-a760-40bc-81e1-af8498c1bcd2&quot; data-account-id=&quot;557058:c4306e07-a760-40bc-81e1-af8498c1bcd2&quot; accountid=&quot;557058:c4306e07-a760-40bc-81e1-af8498c1bcd2&quot; rel=&quot;noreferrer&quot;&gt;Ingolf Kuss&lt;/a&gt; above?&lt;/p&gt;</comment>
                                                            <comment id="192771" author="5ee89462f7aa140abd82d11d" created="Mon, 8 Nov 2021 21:31:53 +0000"  >&lt;p&gt;&lt;a href=&quot;https://docs.folio.org/docs/getting-started/installation/kubernetesex/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://docs.folio.org/docs/getting-started/installation/kubernetesex/&lt;/a&gt; no longer references the kubernetes-rancher/EBSCO example: &lt;a href=&quot;https://github.com/folio-org/docs/commit/08b3fa39b1725acae1c34cba6c1be7e465db8279&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/docs/commit/08b3fa39b1725acae1c34cba6c1be7e465db8279&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Therefore I close this issue.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="81356">FOLIO-2080</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzzhhx:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1423">CP: Non-roadmap backlog</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 7 Oct 2020 19:45:36 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>