<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 22:23:59 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[MODCITEM-8] Upgrade Spring Boot, Kafka, Hazelcast fixing vulns</title>
                <link>https://folio-org.atlassian.net/browse/MODCITEM-8</link>
                <project id="10249" key="MODCITEM">mod-circulation-item</project>
                    <description>&lt;p&gt;Upgrade Spring Boot from 3.1.4 to 3.1.5.&lt;/p&gt;

&lt;p&gt;The Spring Boot upgrade indirectly upgrades tomcat-embed-core from 10.1.13 to 10.1.15, fixing Denial of Service (DoS), Improper Input Validation, and Incomplete Cleanup issues:
&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-44487&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-44487&lt;/a&gt; , &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-45648&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-45648&lt;/a&gt; , &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-42795&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-42795&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Upgrade spring-kafka from 3.0.11 to 3.1.0 and, correspondingly, kafka from 3.4.1 to 3.6.0.&lt;/p&gt;

&lt;p&gt;The kafka upgrade indirectly upgrades snappy-java from 1.1.8.4 to 1.1.10.4 fixing four denial of service (DoS) and out of memory (OOM) issues: &lt;a href=&quot;https://security.snyk.io/package/maven/org.xerial.snappy:snappy-java&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://security.snyk.io/package/maven/org.xerial.snappy:snappy-java&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Upgrade hazelcast from 5.2.1 to 5.3.6 fixing Incorrect Permission Assignment for Critical Resource and Insufficiently Protected Credentials: &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-33265&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-33265&lt;/a&gt; , &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-33264&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-33264&lt;/a&gt;&lt;/p&gt;


</description>
                <environment></environment>
        <key id="79004">MODCITEM-8</key>
            <summary>Upgrade Spring Boot, Kafka, Hazelcast fixing vulns</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                    </labels>
                <created>Thu, 23 Nov 2023 10:59:49 +0000</created>
                <updated>Wed, 20 Dec 2023 12:55:51 +0000</updated>
                            <resolved>Wed, 20 Dec 2023 12:55:51 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="187829" author="5ee89462f7aa140abd82d11d" created="Thu, 23 Nov 2023 11:02:46 +0000"  >&lt;p&gt;Pull request for code review: &lt;a href=&quot;https://github.com/folio-org/mod-circulation-item/pull/11&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-circulation-item/pull/11&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="187830" author="5ee89462f7aa140abd82d11d" created="Mon, 27 Nov 2023 12:46:07 +0000"  >&lt;p&gt;The Volaris team needs to merge the pull request because I don&apos;t have write access for this repository.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                            <outwardlinks description="defines">
                                        <issuelink>
            <issuekey id="76587">SECURITY-19</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10188"><![CDATA[Volaris]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10385"><![CDATA[Related dependency upgrade]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i08lu8:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10046" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Release</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10079"><![CDATA[Quesnelia (R1 2024)]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>