<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 22:25:31 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[ISBNUTIL-15] commons-validator 1.7 (CVE-2019-10086)</title>
                <link>https://folio-org.atlassian.net/browse/ISBNUTIL-15</link>
                <project id="10251" key="ISBNUTIL">isbn-util</project>
                    <description>&lt;p&gt;Upgrade commons-validator from 1.6 to 1.7. This indirectly upgrades commons-beanutils from 1.9.2 to 1.9.4 fixing Deserialization of Untrusted Data: &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2019-10086&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2019-10086&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="79051">ISBNUTIL-15</key>
            <summary>commons-validator 1.7 (CVE-2019-10086)</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                            <parent id="13571">UXPROD-47</parent>
                                    <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Mon, 2 May 2022 14:02:50 +0000</created>
                <updated>Mon, 23 May 2022 08:57:11 +0000</updated>
                            <resolved>Wed, 11 May 2022 11:41:47 +0000</resolved>
                                                    <fixVersion>1.4.0</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="187858" author="5ee89462f7aa140abd82d11d" created="Mon, 2 May 2022 14:06:41 +0000"  >&lt;p&gt;@ Folijet: Please code review and merge &lt;a href=&quot;https://github.com/folio-org/folio-isbn-util/pull/19&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-isbn-util/pull/19&lt;/a&gt; . I don&apos;t have write permission for this repository.&lt;/p&gt;</comment>
                                                            <comment id="187859" author="5af5e627525ba96b58654f12" created="Tue, 10 May 2022 13:55:50 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A3f70d661-5e37-4873-8291-b723556aba10&quot; class=&quot;user-hover&quot; rel=&quot;557058:3f70d661-5e37-4873-8291-b723556aba10&quot; data-account-id=&quot;557058:3f70d661-5e37-4873-8291-b723556aba10&quot; accountid=&quot;557058:3f70d661-5e37-4873-8291-b723556aba10&quot; rel=&quot;noreferrer&quot;&gt;Aliaksandr Fedasiuk&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=6371fa3b77acd224b33c1afd&quot; class=&quot;user-hover&quot; rel=&quot;6371fa3b77acd224b33c1afd&quot; data-account-id=&quot;6371fa3b77acd224b33c1afd&quot; accountid=&quot;6371fa3b77acd224b33c1afd&quot; rel=&quot;noreferrer&quot;&gt;Serhii_Nosko&lt;/a&gt; Please see Julian&apos;s comment above. Can we include in the current sprint, or do we need to wait until next sprint? Also, which RCA Group should be assigned? Thank you!&lt;/p&gt;

&lt;p&gt;cc: &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; class=&quot;user-hover&quot; rel=&quot;557058:06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; data-account-id=&quot;557058:06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; accountid=&quot;557058:06f9b6fb-9a52-481a-ad72-6e13fc570a8a&quot; rel=&quot;noreferrer&quot;&gt;Kateryna Senchenko&lt;/a&gt; &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5f02e1e91c682d0029dd61b8&quot; class=&quot;user-hover&quot; rel=&quot;5f02e1e91c682d0029dd61b8&quot; data-account-id=&quot;5f02e1e91c682d0029dd61b8&quot; accountid=&quot;5f02e1e91c682d0029dd61b8&quot; rel=&quot;noreferrer&quot;&gt;Ivan Kryzhanovskyi&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="187860" author="557058:3f70d661-5e37-4873-8291-b723556aba10" created="Wed, 11 May 2022 11:29:06 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt;, your PR was approved and merged.&lt;/p&gt;</comment>
                                                            <comment id="187861" author="557058:3f70d661-5e37-4873-8291-b723556aba10" created="Wed, 11 May 2022 11:40:26 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5af5e627525ba96b58654f12&quot; class=&quot;user-hover&quot; rel=&quot;5af5e627525ba96b58654f12&quot; data-account-id=&quot;5af5e627525ba96b58654f12&quot; accountid=&quot;5af5e627525ba96b58654f12&quot; rel=&quot;noreferrer&quot;&gt;Ann-Marie Breaux&lt;/a&gt;, after releasing folio-isbn-util we should update used version of this package in mod-inventory.&lt;/p&gt;

&lt;p&gt;We need a task to release folio-isbn-util.&lt;/p&gt;</comment>
                                                            <comment id="187862" author="5ee89462f7aa140abd82d11d" created="Wed, 11 May 2022 11:43:26 +0000"  >&lt;p&gt;Thanks!&lt;br/&gt;
Please release folio-isbn-util to that the fixed version can be used by all modules that use it: &lt;a href=&quot;https://github.com/search?l=Maven+POM&amp;amp;q=org%3Afolio-org+folio-isbn-util&amp;amp;type=Code&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/search?l=Maven+POM&amp;amp;q=org%3Afolio-org+folio-isbn-util&amp;amp;type=Code&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="187863" author="5ee89462f7aa140abd82d11d" created="Wed, 11 May 2022 15:06:05 +0000"  >&lt;p&gt;Release task created: 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;ISBNUTIL-16&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/ISBNUTIL-16&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Release folio-isbn-util fixing Deserialization of Untrusted Data (CVE-2019-10086)&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            ISBNUTIL-16
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
&lt;/p&gt;</comment>
                                                            <comment id="187864" author="5af5e627525ba96b58654f12" created="Mon, 16 May 2022 06:41:08 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A3f70d661-5e37-4873-8291-b723556aba10&quot; class=&quot;user-hover&quot; rel=&quot;557058:3f70d661-5e37-4873-8291-b723556aba10&quot; data-account-id=&quot;557058:3f70d661-5e37-4873-8291-b723556aba10&quot; accountid=&quot;557058:3f70d661-5e37-4873-8291-b723556aba10&quot; rel=&quot;noreferrer&quot;&gt;Aliaksandr Fedasiuk&lt;/a&gt; and &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt; This is for Morning Glory, right? I&apos;ll update the release fields and features and such. Even if we need to release sooner than the Morning Glory general releases, we don&apos;t have to release for a Kiwi or Lotus Hotfix, do we?&lt;/p&gt;</comment>
                                                            <comment id="187865" author="557058:3f70d661-5e37-4873-8291-b723556aba10" created="Mon, 16 May 2022 10:50:01 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5af5e627525ba96b58654f12&quot; class=&quot;user-hover&quot; rel=&quot;5af5e627525ba96b58654f12&quot; data-account-id=&quot;5af5e627525ba96b58654f12&quot; accountid=&quot;5af5e627525ba96b58654f12&quot; rel=&quot;noreferrer&quot;&gt;Ann-Marie Breaux&lt;/a&gt;, you are right. We may release it earlier than the general Morning Glory releases, but we don&apos;t need it for Kiwi and Lotus Hotfix.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                            <outwardlinks description="blocks">
                                        <issuelink>
            <issuekey id="79032">ISBNUTIL-16</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                            <outwardlinks description="defines">
                                        <issuelink>
            <issuekey id="12205">UXPROD-3446</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10153"><![CDATA[Folijet]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10014" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue key="$xmlutils.escape($text)">Batch Importer (Bib/Acq)</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10385"><![CDATA[Related dependency upgrade]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzx236:i200900064</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10046" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Release</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10057"><![CDATA[Morning Glory (R2 2022)]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="436">Folijet Sprint 139</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10044" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 10 May 2022 13:55:50 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>