<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:26:00 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3151] Upgrade nexus from 3.28.1-01 to 3.30.1 (CVE-2020-13933)</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3151</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://repository.folio.org/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://repository.folio.org/&lt;/a&gt;&#160;runs Nexus 3.28.1-01.&lt;/p&gt;

&lt;p&gt;It has these known vulnerabilities:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;authentication bypass in Apache Shiro (&lt;font color=&quot;#000000&quot;&gt;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2020-13933&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;CVE-2020-13933&lt;/a&gt;&lt;/font&gt;) (high)&lt;/li&gt;
	&lt;li&gt;directory traversal (&lt;a href=&quot;https://support.sonatype.com/hc/en-us/articles/1500006879561&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;CVE-2021-30635&lt;/a&gt;) (medium)&lt;/li&gt;
	&lt;li&gt;cross-site scripting (XSS) (&lt;a href=&quot;https://support.sonatype.com/hc/en-us/articles/1500005031082&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;CVE-2021-29159&lt;/a&gt;) (medium)&lt;/li&gt;
	&lt;li&gt;sensitive information disclosure (SID) (&lt;a href=&quot;https://support.sonatype.com/hc/en-us/articles/1500006126462&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;CVE-2021-29158&lt;/a&gt;) (medium)&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Nexus 3.30.1 has fixes for them.&lt;/p&gt;

&lt;p&gt;Nexus 3.28.1 has been &lt;a href=&quot;https://help.sonatype.com/repomanager3/release-notes/2020-release-notes#id-2020ReleaseNotes-NexusRepositoryManager3.28.1&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;released 2020-10-19&lt;/a&gt;.&lt;br/&gt;
Nexus 3.30.1 has been &lt;a href=&quot;https://help.sonatype.com/repomanager3/release-notes#ReleaseNotes-NexusRepositoryManager3.30.1&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;released 2021-04-22&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Task:&lt;/p&gt;

&lt;p&gt;Upgrade Nexus from 3.28.1-01 to 3.30.1.&lt;/p&gt;</description>
                <environment></environment>
        <key id="81979">FOLIO-3151</key>
            <summary>Upgrade nexus from 3.28.1-01 to 3.30.1 (CVE-2020-13933)</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5f9abc1eb45b2e007453f423">John Malconian</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>devops</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Sat, 8 May 2021 20:49:24 +0000</created>
                <updated>Thu, 22 Jul 2021 06:14:49 +0000</updated>
                            <resolved>Tue, 13 Jul 2021 01:56:20 +0000</resolved>
                                                                    <component>Continuous Integration</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="197456" author="5ae08bd47b44642d39d323c4" created="Fri, 14 May 2021 15:15:47 +0000"  >&lt;p&gt;Please plan to upgrade, or, adjust the priority if you don&apos;t feel we are exposed.&#160;&lt;/p&gt;</comment>
                                                            <comment id="197460" author="5f9abc1eb45b2e007453f423" created="Tue, 13 Jul 2021 01:56:20 +0000"  >&lt;p&gt;Nexus upgrade to the latest release complete. &lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i02ovj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1830">DevOps Sprint 116</customfieldvalue>
    <customfieldvalue id="1992">DevOps Sprint 114</customfieldvalue>
    <customfieldvalue id="1993">DevOps Sprint 115</customfieldvalue>
    <customfieldvalue id="1994">DevOps Sprint 117</customfieldvalue>
    <customfieldvalue id="1995">DevOps Sprint 118</customfieldvalue>
    <customfieldvalue id="957">DevOps Sprint 113</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 14 May 2021 15:15:47 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>