<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 22:31:00 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[MODSER-10] Upgrade Grails from 5 to 6 for Quesnelia</title>
                <link>https://folio-org.atlassian.net/browse/MODSER-10</link>
                <project id="10263" key="MODSER">mod-serials-management</project>
                    <description>&lt;p&gt;Grails 6 has been released on July 25, 2023: &lt;a href=&quot;https://grails.org/blog/2023-07-25-introducing-grails-6.html&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://grails.org/blog/2023-07-25-introducing-grails-6.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Grails 5 dependencies (including grails-web-testing-support) come with several security vulnerabities:&lt;/p&gt;

&lt;p&gt;org.springframework:spring-webmvc@5.3.19 - Improper Access Control - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-20860&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-20860&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;org.grails:grails-databinding@5.1.8 -&#160;Arbitrary Code Execution - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-35912&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-35912&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;org.yaml:snakeyaml@1.33 -&#160;Arbitrary Code Execution - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-1471&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-1471&lt;/a&gt; - &lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/SEC/SnakeYaml+SafeConstructor&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/display/SEC/SnakeYaml+SafeConstructor&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;org.springframework:spring-expression@5.3.24 -&#160;Allocation of Resources Without Limits or Throttling - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-20863&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-20863&lt;/a&gt;&#160;, &lt;a href=&quot;https://www.cve.org/CVERecord?id=CVE-2023-20861&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://www.cve.org/CVERecord?id=CVE-2023-20861&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;org.springframework.security:spring-security-web@5.8.1 - Session Fixation - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-20862&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-20862&lt;/a&gt;&lt;br/&gt;
&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;br/&gt;
&#160;&lt;br/&gt;
&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</description>
                <environment></environment>
        <key id="79220">MODSER-10</key>
            <summary>Upgrade Grails from 5 to 6 for Quesnelia</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="557058:f42d9c43-226d-4aa3-bb31-9b2dd07920aa">Owen Stephens</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Sun, 15 Oct 2023 18:48:41 +0000</created>
                <updated>Thu, 25 Jan 2024 01:11:41 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                    <issuelinks>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                            <outwardlinks description="defines">
                                        <issuelink>
            <issuekey id="76646">SECURITY-56</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10159"><![CDATA[K-Int]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10385"><![CDATA[Related dependency upgrade]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i08axc:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10046" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Release</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10079"><![CDATA[Quesnelia (R1 2024)]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    </customfields>
    </item>
</channel>
</rss>