[JOC-1271] Update hibernate-core to version 5.5.4.Final due to 3rd Party Vulnerability CVE-2020-25638 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13.12
Fix Version/s: 1.13.13
Component/s: None
Labels:
None

CVE-ID:
CVE-2020-25638

Description

Current Situation

Currently JS1 JOC Cockpit, Agent and Master make use of hibernate-core version 5.4.19.Final
a vulnerability affect this version
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25638

Desired Behavior

Due to a vulnerability Issue of older hibernate-core releases JOC Cockpit, Master and Agent should make use of version 5.5.4.Final that fixes the issue.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29 March 2022 11:54

Updated:: 07 April 2022 00:41

Resolved:: 29 March 2022 12:20