[NXP-32138] Upgrade Quartz to 2.4.0-rc2 - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2021.45
Fix Version/s: 2023.4, 2021.46
Component/s: Scheduler

Release Notes Summary:
The org.quartz-scheduler:quartz library was upgraded to 2.4.0-rc2.
Tags:
- SupCom
- nxplatform
Backlog priority:
1,000
Upgrade notes:

Hide

The org.quartz-scheduler:quartz library was upgraded to 2.4.0-rc2.

Show
The org.quartz-scheduler:quartz library was upgraded to 2.4.0-rc2.
Sprint:
nxplatform #100
Story Points:
3

Description

A critical CVE has been discovered against the Quartz library: https://nvd.nist.gov/vuln/detail/CVE-2023-39017

Even if Nuxeo does not seem vulnerable to this issue, the scan of our Docker image fails because of it.

So it seems better to upgrade to the latest available version of org.quartz-scheduler:quartz

Attachments

Activity

People

Assignee:

Antoine Taillefer

Reporter:

Thierry Martins

Participants:

Antoine Taillefer, Jenkins, Thierry Martins

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2023-10-27 13:07

Updated:

2023-11-27 13:28

Resolved:

2023-11-06 09:01