[JOC-1116] Update org.apache.shiro:shiro-core from 1.5.0 to 1.7.1 due to 3rd party vulnerability issue CVE-2020-13933 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.12, 1.13
Fix Version/s: 1.12.15, 1.13.10
Component/s: JOC Cockpit Web Service
Labels:
None

CVE-ID:
CVE-2020-13933

Description

Current Situation

Currently JobScheduler components use org.apache.shiro:shiro-core version 1.5.0
a vulnerability affects this version,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13933

Desired Behavior

Due to a vulnerability Issue of older org.apache.shiro:shiro-core releases the JobScheduler components should use the current version 1.71 that fixes the issues.

Attachments

Activity

People

Assignee:: Uwe Risse

Reporter:: Andreas Püschel

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11 May 2021 12:11

Updated:: 16 December 2021 15:59

Resolved:: 01 July 2021 15:42