<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:29:39 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3646] mod-workflow: Upgrade to spring-module-core 1.1.2 fixing vulns</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3646</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Upgrade org.folio:spring-module-core from 1.1.1 to 1.1.2.&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades jackson-databind from 2.13.2.1 to 2.14.0 fixing Denial of Service (DoS):&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-42004&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-42004&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-42003&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-42003&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades org.postgresql:postgresql from 42.3.3 to 42.5.0 fixing SQL Injection:&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-31197&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-31197&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades spring-beans from 5.3.19 to 5.3.23 fixing Denial of Service (DoS):&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-22970&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-22970&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades spring-data-rest-webmvc from 3.6.4 to 3.7.5 fixing Information Exposure:&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-31679&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-31679&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades snakeyaml from 1.29 to 1.33 fixing Denial of Service (DoS) and Stack-based Buffer Overflow:&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-25857&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-25857&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-38749&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-38749&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-38750&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-38750&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-38751&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-38751&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-38752&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-38752&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-41854&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-41854&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades spring-messaging from 5.3.19 to 5.3.23 fixing Denial of Service (DoS):&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-22971&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-22971&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades kotlin-stdlib from 1.3.50 to 1.6.21 fixing Improper Locking and Information Exposure:&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-24329&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-24329&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2020-29582&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2020-29582&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The spring-module-core upgrade indirectly upgrades tomcat-embed-core from 9.0.62 to 9.0.68 fixing HTTP Request Smuggling:&lt;br/&gt;
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-42252&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-42252&lt;/a&gt;&lt;/p&gt;
</description>
                <environment></environment>
        <key id="82436">FOLIO-3646</key>
            <summary>mod-workflow: Upgrade to spring-module-core 1.1.2 fixing vulns</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="557058:abe52938-e5a4-4b11-be6c-c0d83a4b2577">William Welling</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                    </labels>
                <created>Mon, 21 Nov 2022 21:45:51 +0000</created>
                <updated>Wed, 23 Nov 2022 00:24:04 +0000</updated>
                            <resolved>Wed, 23 Nov 2022 00:24:04 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                        <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10170"><![CDATA[Other dev]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10385"><![CDATA[Related dependency upgrade]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i05tkz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>