<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:28:17 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3458] spring-module-core: postgresql Remote Code Execution (CVE-2022-21724)</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3458</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/spring-module-core&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/spring-module-core&lt;/a&gt; uses org.postgresql:postgresql@42.2.23 JDBC driver: &lt;a href=&quot;https://github.com/folio-org/spring-module-core/blob/main/domain/pom.xml#L49-L52&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/spring-module-core/blob/main/domain/pom.xml#L49-L52&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;org.postgresql:postgresql version before 42.2.25 and before 42.3.2 are vulnerable to Remote Code Execution (RCE) when using certain plugin features: &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-21724&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-21724&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="82263">FOLIO-3458</key>
            <summary>spring-module-core: postgresql Remote Code Execution (CVE-2022-21724)</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="557058:abe52938-e5a4-4b11-be6c-c0d83a4b2577">William Welling</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                            <label>springway</label>
                    </labels>
                <created>Thu, 24 Mar 2022 21:48:19 +0000</created>
                <updated>Fri, 8 Apr 2022 15:35:25 +0000</updated>
                            <resolved>Fri, 8 Apr 2022 15:35:25 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                <comments>
                                                            <comment id="197660" author="5af5e627525ba96b58654f12" created="Wed, 30 Mar 2022 16:19:54 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt; or &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Aabe52938-e5a4-4b11-be6c-c0d83a4b2577&quot; class=&quot;user-hover&quot; rel=&quot;557058:abe52938-e5a4-4b11-be6c-c0d83a4b2577&quot; data-account-id=&quot;557058:abe52938-e5a4-4b11-be6c-c0d83a4b2577&quot; accountid=&quot;557058:abe52938-e5a4-4b11-be6c-c0d83a4b2577&quot; rel=&quot;noreferrer&quot;&gt;William Welling&lt;/a&gt; Which dev team should this be assigned to, and does it need to be a Lotus bugfix or can it wait for Morning Glory?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="79722">FOLIO-3456</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="82225">FOLIO-3389</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10168"><![CDATA[None]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10367"><![CDATA[TBD]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i04d5e:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 30 Mar 2022 16:19:54 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>