<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:28:22 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3468] mod-spring-sample security vulnerabilities</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3468</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/mod-spring-sample&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-spring-sample&lt;/a&gt; has multiple security vulnerabilities in dependencies.&lt;/p&gt;

&lt;p&gt;Either&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;archive this repository (details: 
    &lt;span class=&quot;jira-issue-macro&quot; data-jira-key=&quot;FOLIO-1838&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1838&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Follow the documented procedure to fully deprecate existing old repositories&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-1838
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-complete jira-macro-single-issue-export-pdf&quot;&gt;Open&lt;/span&gt;
            &lt;/span&gt;
 and 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-1710&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1710&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Document method for archiving repositories as deprecated&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-1710
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
)&lt;/li&gt;
	&lt;li&gt;or handle each vulnerability: Update the dependency, or add a section to the README and explain for each vulnerable dependency why mod-spring-sample is not affected.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Dependencies with vulnerabilities:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;org.springframework:spring-beans@5.2.10.RELEASE Spring4Shell Remote Code Execution (RCE) &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-22965&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-22965&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;net.minidev:json-smart@2.3 Denial of Service (DoS) &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-27568&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-27568&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;com.fasterxml.jackson.core:jackson-databind@2.11.3 Denial of Service (DoS) &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2020-36518&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2020-36518&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;org.apache.tomcat.embed:tomcat-embed-core@9.0.39 Denial of Service (DoS) &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-41079&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-41079&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;org.apache.tomcat.embed:tomcat-embed-core@9.0.39 Remote Code Execution (RCE) &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-25329&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-25329&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;org.glassfish:jakarta.el@3.0.3 Improper Input Validation &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-28170&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-28170&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;com.h2database:h2@1.4.200 Remote Code Execution (RCE) &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-23221&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-23221&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="82283">FOLIO-3468</key>
            <summary>mod-spring-sample security vulnerabilities</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="557058:abe52938-e5a4-4b11-be6c-c0d83a4b2577">William Welling</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                    </labels>
                <created>Mon, 11 Apr 2022 09:19:55 +0000</created>
                <updated>Mon, 11 Apr 2022 16:04:22 +0000</updated>
                            <resolved>Mon, 11 Apr 2022 16:04:22 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                    <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="82314">FOLIO-3469</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10170"><![CDATA[Other dev]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10367"><![CDATA[TBD]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i04g8y:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>