Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-30979

Upgrade various dependencies to fix CVE

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 10.10
    • Fix Version/s: 10.10-HF63, 2021.23
    • Component/s: Security
    • Tags:
    • Backlog priority:
      1,000
    • Upgrade notes:
      Hide

      Upgrade to netty 4.1.78.Final and jackson-databind 2.9.10.8 to fix CVE

      Show
      Upgrade to netty 4.1.78.Final and jackson-databind 2.9.10.8 to fix CVE
    • Sprint:
      nxplatform #64
    • Story Points:
      5

      Description

      jackson-databind: 2.9.10.7 -> 2.9.10.8 (CVE-2020-36182 and more at https://snyk.io/vuln/maven:com.fasterxml.jackson.core%3Ajackson-databind)
      netty-codec(-http): 4.1.30 -> 4.1.72 (CVE-2019-20444, CVE-2020-7238, CVE-2019-20445)

        Attachments

          Issue Links

          links to

          Web Link PR for 10.10

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: