[JOC-1390] Update org.apache.shiro:shiro-core from 1.9.1 to 1.10.0 due to 3rd-party vulnerability issue CVE-2022-40664 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 1.13.15
Fix Version/s: 1.13.16
Component/s: None
Labels:
None

CVE-ID:
CVE-2022-40664

Description

Current Situation

Currently JOC Cockpit uses org.apache.shiro:shiro-core version 1.9.1
a vulnerability affects this version,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664

Desired Behavior

Due to a vulnerability Issue of older org.apache.shiro:shiro-core releases the JOC Cockpit should use the current version 1.10.0 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Pratishtha Pandey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13 October 2022 07:58

Updated:: 24 October 2022 20:09

Resolved:: 13 October 2022 08:49