[JOC-1111] Update commons-io from 1.3.2 to 2.7 due to 3rd party vulnerability issue CVE-2021-29425 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13
Fix Version/s: 1.13.10
Component/s: JOC Cockpit Web Service
Labels:
None

CVE-ID:
CVE-2021-29425

Description

Current Situation

Currently JobScheduler components use commons-io version 1.3.2
a vulnerability affects this version,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29425

Desired Behavior

Due to a vulnerability Issue of older commons-io releases the JobScheduler components should use the current version 2.7 that fixes the issues.

Attachments

Activity

People

Assignee:: Oliver Haufe

Reporter:: Andreas Püschel

Approver:: Divyani Rathore

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 27 April 2021 05:59

Updated:: 18 December 2021 01:35

Resolved:: 11 May 2021 10:48