<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:28:20 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3464] Rebuild/upgrade jenkins-slave-docker for OpenJDK 11.0.15</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3464</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Rebuild/upgrade&#160;&lt;a href=&quot;https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.focal-java-11&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.focal-java-11&lt;/a&gt; so that&#160;folioci/jenkins-slave-all ships with openjdk 11.0.15 that contains multiple security fixes:&lt;/p&gt;

&lt;p&gt;Fixed in 11.0.14: &lt;a href=&quot;https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011643.html&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2022-January/011643.html&lt;/a&gt; : &lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;JDK-8217375: jarsigner breaks old signature with long lines in manifest&lt;/li&gt;
	&lt;li&gt;JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named &quot;.&quot; inside&lt;/li&gt;
	&lt;li&gt;JDK-8264934, CVE-2022-21248: Enhance cross VM serialization&lt;/li&gt;
	&lt;li&gt;JDK-8268488: More valuable DerValues&lt;/li&gt;
	&lt;li&gt;JDK-8268494: Better inlining of inlined interfaces&lt;/li&gt;
	&lt;li&gt;JDK-8268512: More content for ContentInfo&lt;/li&gt;
	&lt;li&gt;JDK-8268795: Enhance digests of Jar files&lt;/li&gt;
	&lt;li&gt;JDK-8268801: Improve PKCS attribute handling&lt;/li&gt;
	&lt;li&gt;JDK-8268813, CVE-2022-21283: Better String matching&lt;/li&gt;
	&lt;li&gt;JDK-8269151: Better construction of EncryptedPrivateKeyInfo&lt;/li&gt;
	&lt;li&gt;JDK-8269944: Better HTTP transport redux&lt;/li&gt;
	&lt;li&gt;JDK-8270386, CVE-2022-21291: Better verification of scan methods&lt;/li&gt;
	&lt;li&gt;JDK-8270392, CVE-2022-21293: Improve String constructions&lt;/li&gt;
	&lt;li&gt;JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps&lt;/li&gt;
	&lt;li&gt;JDK-8270492, CVE-2022-21282: Better resolution of URIs&lt;/li&gt;
	&lt;li&gt;JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management&lt;/li&gt;
	&lt;li&gt;JDK-8270646, CVE-2022-21299: Improved scanning of XML entities&lt;/li&gt;
	&lt;li&gt;JDK-8270952, CVE-2022-21277: Improve TIFF file handling&lt;/li&gt;
	&lt;li&gt;JDK-8271962: Better TrueType font loading&lt;/li&gt;
	&lt;li&gt;JDK-8271968: Better canonical naming&lt;/li&gt;
	&lt;li&gt;JDK-8271987: Manifest improved manifest entries&lt;/li&gt;
	&lt;li&gt;JDK-8272014, CVE-2022-21305: Better array indexing&lt;/li&gt;
	&lt;li&gt;JDK-8272026, CVE-2022-21340: Verify Jar Verification&lt;/li&gt;
	&lt;li&gt;JDK-8272236, CVE-2022-21341: Improve serial forms for transport&lt;/li&gt;
	&lt;li&gt;JDK-8272272: Enhance jcmd communication&lt;/li&gt;
	&lt;li&gt;JDK-8272462: Enhance image handling&lt;/li&gt;
	&lt;li&gt;JDK-8273290: Enhance sound handling&lt;/li&gt;
	&lt;li&gt;JDK-8273756, CVE-2022-21360: Enhance BMP image support&lt;/li&gt;
	&lt;li&gt;JDK-8273838, CVE-2022-21365: Enhanced BMP processing&lt;/li&gt;
	&lt;li&gt;JDK-8274096, CVE-2022-21366: Improve decoding of image files&lt;/li&gt;
	&lt;li&gt;JDK-8279541: Improve HarfBuzz&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Fixed in 11.0.15: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE: &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-21496&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-21496&lt;/a&gt; , &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-21434&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-21434&lt;/a&gt; , &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-21476&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-21476&lt;/a&gt; - &lt;a href=&quot;https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="82281">FOLIO-3464</key>
            <summary>Rebuild/upgrade jenkins-slave-docker for OpenJDK 11.0.15</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="61cd0ca0bce5e00069e98be7">David Crossley</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Wed, 30 Mar 2022 14:29:08 +0000</created>
                <updated>Wed, 4 May 2022 04:07:51 +0000</updated>
                            <resolved>Wed, 4 May 2022 04:07:51 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                <comments>
                                                            <comment id="197716" author="5cf6c546b87c300f36eb7b9a" created="Thu, 31 Mar 2022 15:49:42 +0000"  >&lt;p&gt;the security team has reviewed this and assigned a priority.&#160; Attn: &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="197719" author="61cd0ca0bce5e00069e98be7" created="Wed, 4 May 2022 04:07:39 +0000"  >&lt;p&gt;Done in &lt;a href=&quot;https://github.com/folio-org/folio-tools/pull/219&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-tools/pull/219&lt;/a&gt;.&lt;br/&gt;
Built, tested on various module builds, and refenv and platform.&lt;br/&gt;
Published as 2.9.5 and latest.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="82275">FOLIO-3463</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10367"><![CDATA[TBD]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i04e9u:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="2002">DevOps Sprint 137</customfieldvalue>
    <customfieldvalue id="2003">DevOps Sprint 138</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 31 Mar 2022 15:49:42 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>