[JOC-1580] Update commons-codec to version 1.16.0 due to a 3rd-party vulnerability issue - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.3, 2.6.0
Fix Version/s: 2.5.4, 2.6.1
Component/s: None
Labels:
None

CVE-ID:
SNYK-JAVA-COMMONSCODEC-561518

Description

Current Situation

JS7 components ship with the 3rd-party library commons-codec 1.11.
A vulnerability affects this library:
- https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518
- No CVE ID is provided for this Issue.

Impact

We rate the impact to our software being low as our implementation does not make use of the Base32 implementation of commons-codec.

Desired Behavior

JS7 components should ship with the latest version 1.16.0 which fixes the vulnerability.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21 July 2023 10:45

Updated:: 28 July 2023 16:00

Resolved:: 24 July 2023 10:14