<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:26:52 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3268] Apply cve-2021-26084-update to Confluence</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3268</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Atlassian announced a &lt;a href=&quot;https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html?subid=1523838824&amp;amp;jobid=105167228&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;critical security advisory&lt;/a&gt; (CVE-2021-26084):&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. &lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;The security advisory recommends upgrading to the latest long-term-stable release (7.13.0 at this time), and if the upgrade can&apos;t be done immediately, they supply a mitigation script.&lt;/p&gt;</description>
                <environment></environment>
        <key id="82120">FOLIO-3268</key>
            <summary>Apply cve-2021-26084-update to Confluence</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10000" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p1.svg">P1</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5ced27478b03050f27825a93">Peter Murray</assignee>
                                                                <reporter accountid="5ced27478b03050f27825a93">Peter Murray</reporter>
                                    <labels>
                    </labels>
                <created>Wed, 25 Aug 2021 18:29:23 +0000</created>
                <updated>Fri, 3 Sep 2021 15:29:02 +0000</updated>
                            <resolved>Tue, 31 Aug 2021 14:02:33 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                <comments>
                                                            <comment id="196521" author="5ced27478b03050f27825a93" created="Wed, 25 Aug 2021 18:34:31 +0000"  >&lt;p&gt;Created a &lt;a href=&quot;https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#Snapshots:visibility=owned-by-me;search=snap-06dcfbd3a98898288;sort=desc:startTime&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;snapshot&lt;/a&gt; prior to running the mitigation script.  The output of the mitigation script is below.&lt;/p&gt;

&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
# ./cve-2021-26084-update.sh
chdir &lt;span class=&quot;code-quote&quot;&gt;&apos;/atlassian/opt/confluence/&apos;&lt;/span&gt;

File 1: &lt;span class=&quot;code-quote&quot;&gt;&apos;confluence/users/user-dark-features.vm&apos;&lt;/span&gt;:
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
70c70
&amp;lt;             #tag( &lt;span class=&quot;code-quote&quot;&gt;&quot;Component&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;label=&lt;span class=&quot;code-quote&quot;&gt;&apos;Enable dark feature:&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;featureKey&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=&lt;span class=&quot;code-quote&quot;&gt;&apos;$!action.featureKey&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;theme=&lt;span class=&quot;code-quote&quot;&gt;&apos;aui&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;template=&lt;span class=&quot;code-quote&quot;&gt;&apos;text.vm&apos;&lt;/span&gt;&quot;&lt;/span&gt;)
---
&amp;gt;             #tag( &lt;span class=&quot;code-quote&quot;&gt;&quot;Component&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;label=&lt;span class=&quot;code-quote&quot;&gt;&apos;Enable dark feature:&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;featureKey&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=featureKey&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;theme=&lt;span class=&quot;code-quote&quot;&gt;&apos;aui&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;template=&lt;span class=&quot;code-quote&quot;&gt;&apos;text.vm&apos;&lt;/span&gt;&quot;&lt;/span&gt;)
   d. validating file changes.. ok
   e. file updated successfully!

File 2: &lt;span class=&quot;code-quote&quot;&gt;&apos;confluence/login.vm&apos;&lt;/span&gt;:
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
147c147
&amp;lt;                         #tag( &lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;token&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=&lt;span class=&quot;code-quote&quot;&gt;&apos;$!action.token&apos;&lt;/span&gt;&quot;&lt;/span&gt; )
---
&amp;gt;                         #tag( &lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;token&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=token&quot;&lt;/span&gt; )
   d. validating file changes.. ok
   e. file updated successfully!

File 3: &lt;span class=&quot;code-quote&quot;&gt;&apos;confluence/pages/createpage-entervariables.vm&apos;&lt;/span&gt;:
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
24c24
&amp;lt;                 #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;queryString&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=&lt;span class=&quot;code-quote&quot;&gt;&apos;$!queryString&apos;&lt;/span&gt;&quot;&lt;/span&gt;)
---
&amp;gt;                 #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;queryString&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=queryString&quot;&lt;/span&gt;)
26c26
&amp;lt;                 #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;linkCreation&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=&lt;span class=&quot;code-quote&quot;&gt;&apos;$linkCreation&apos;&lt;/span&gt;&quot;&lt;/span&gt;)
---
&amp;gt;                 #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;linkCreation&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=linkCreation&quot;&lt;/span&gt;)
   d. validating file changes..ok
   e. file updated successfully!

File 4: &lt;span class=&quot;code-quote&quot;&gt;&apos;confluence/template/custom/content-editor.vm&apos;&lt;/span&gt;:
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
64c64
&amp;lt;         #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;queryString&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=&lt;span class=&quot;code-quote&quot;&gt;&apos;$!queryString&apos;&lt;/span&gt;&quot;&lt;/span&gt;)
---
&amp;gt;         #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;queryString&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=queryString&quot;&lt;/span&gt;)
85c85
&amp;lt;             #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;id=sourceTemplateId&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;sourceTemplateId&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=&lt;span class=&quot;code-quote&quot;&gt;&apos;${templateId}&apos;&lt;/span&gt;&quot;&lt;/span&gt;)
---
&amp;gt;             #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;id=sourceTemplateId&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;sourceTemplateId&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=templateId&quot;&lt;/span&gt;)
   d. file updated successfully!

File 5: &lt;span class=&quot;code-quote&quot;&gt;&apos;confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader*.jar&apos;&lt;/span&gt;:
   a. extracting templates/editor-preload-container.vm from confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.8.0.jar..
Archive:  confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.8.0.jar
  inflating: ./templates/editor-preload-container.vm
   b. updating file.. done
   c. showing file changes..
56c56
&amp;lt; #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;id=syncRev&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;syncRev&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=&lt;span class=&quot;code-quote&quot;&gt;&apos;$!{action.syncRev}&apos;&lt;/span&gt;&quot;&lt;/span&gt;)
---
&amp;gt; #tag (&lt;span class=&quot;code-quote&quot;&gt;&quot;Hidden&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;id=syncRev&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;name=&lt;span class=&quot;code-quote&quot;&gt;&apos;syncRev&apos;&lt;/span&gt;&quot;&lt;/span&gt; &lt;span class=&quot;code-quote&quot;&gt;&quot;value=syncRev&quot;&lt;/span&gt;)
   d. validating file changes.. ok
   e. updating confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.8.0.jar with ./templates/editor-preload-container.vm..updating: templates/editor-preload-container.vm (deflated 59%)
-rw-r--r-- 1 root root 13368 Aug 25 18:27 confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.8.0.jar
   f. cleaning up temp files..ok
   g. extracting templates/editor-preload-container.vm from confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.8.0.jar again to check changes within JAR..
Archive:  confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.8.0.jar
  inflating: ./templates/editor-preload-container.vm
   h. validating file changes &lt;span class=&quot;code-keyword&quot;&gt;for&lt;/span&gt; file within updated JAR.. ok
   i. cleaning up temp files..ok

Update completed!
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                            <outwardlinks description="defines">
                                        <issuelink>
            <issuekey id="79791">FOLIO-3269</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10002">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="76633">SECURITY-5</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i037gk:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="389">DevOps Sprint 121</customfieldvalue>
    <customfieldvalue id="279">DevOps Sprint 122</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>