<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:22:09 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2639] Fix &apos;folio-sample-modules&apos; security vulnerability reported in log4j  &gt;= 1.2, &lt;= 1.2.27</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2639</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Is &lt;a href=&quot;https://github.com/folio-org/folio-sample-modules&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-sample-modules&lt;/a&gt; still relevant?  It hasn&apos;t had a substantial update (excluding dependency and documentation updates) since September 2017.&lt;/p&gt;</description>
                <environment></environment>
        <key id="81670">FOLIO-2639</key>
            <summary>Fix &apos;folio-sample-modules&apos; security vulnerability reported in log4j  &gt;= 1.2, &lt;= 1.2.27</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</assignee>
                                                                <reporter accountid="5ced27478b03050f27825a93">Peter Murray</reporter>
                                    <labels>
                            <label>platform-backlog</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Tue, 9 Jun 2020 14:44:31 +0000</created>
                <updated>Thu, 18 Nov 2021 19:19:20 +0000</updated>
                            <resolved>Thu, 18 Nov 2021 19:19:20 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>6</watches>
                                                                <comments>
                                                            <comment id="199091" author="5ced27478b03050f27825a93" created="Tue, 9 Jun 2020 14:44:52 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=61cd0ca0bce5e00069e98be7&quot; class=&quot;user-hover&quot; rel=&quot;61cd0ca0bce5e00069e98be7&quot; data-account-id=&quot;61cd0ca0bce5e00069e98be7&quot; accountid=&quot;61cd0ca0bce5e00069e98be7&quot; rel=&quot;noreferrer&quot;&gt;David Crossley&lt;/a&gt;: Do you know if this is still useful?&lt;/p&gt;</comment>
                                                            <comment id="199093" author="61cd0ca0bce5e00069e98be7" created="Tue, 9 Jun 2020 21:21:01 +0000"  >&lt;p&gt;As far as i know, yes it is. I have been intending to fix that log4j, and now revise it for Okapi v3.&lt;/p&gt;</comment>
                                                            <comment id="199094" author="5c10cd488ce9b546efc4d9c4" created="Mon, 3 Aug 2020 12:28:14 +0000"  >&lt;p&gt;Estimated to update log4j2&lt;/p&gt;

&lt;p&gt;A suggestion to pick this ticket into development after the system upgrades to JDK11.&lt;/p&gt;</comment>
                                                            <comment id="199096" author="5cf6c546b87c300f36eb7b9a" created="Fri, 16 Jul 2021 15:31:46 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt; Can you please make a call on whether to fix this or possibly even deprecate/archive the folio-sample-modules altogether?  It isn&apos;t clear if these are used by anyone.  The security team is following up on this since it&apos;s marked as P2 and hasn&apos;t been updated in quite some time.&lt;/p&gt;</comment>
                                                            <comment id="199098" author="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d" created="Thu, 28 Oct 2021 15:27:00 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt; is this something you could help out with?&lt;/p&gt;</comment>
                                                            <comment id="199100" author="5ee89462f7aa140abd82d11d" created="Thu, 18 Nov 2021 19:19:20 +0000"  >&lt;p&gt;The dependencies have been updated to resolve the security issues.&lt;/p&gt;

&lt;p&gt;A GitHub Actions workflow shows that the code still works and serves as an integration test: &lt;a href=&quot;https://github.com/folio-org/folio-sample-modules/blob/master/.github/workflows/simple.yml&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-sample-modules/blob/master/.github/workflows/simple.yml&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="77542">EDGRTAC-26</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i01j6i:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1431">CP: sprint 127</customfieldvalue>
    <customfieldvalue id="1181">CP: sprint 126</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10044" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 9 Jun 2020 21:21:01 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>