Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1744

Upgrade commons-compress to 1.26.0 due to 3rd Party vulnerability CVE-2024-26308

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 2.5.8, 2.6.5
    • 2.5.9, 2.6.6
    • None
    • None
    • CVE-2024-26308

    Description

      Current Situation

      JS7 Agent  and JOC Cockpit makes use of commons-compress 3rd-party components. A vulnerability affects the version in use, see https://nvd.nist.gov/vuln/detail/CVE-2024-26308
      We rate this vulnerability as minor. 

      Desired Behavior

      All components should use commons-compress 1.26.0 which fixes the issue.

      Attachments

        Activity

          People

            sp Santiago Aucejo Petzoldt
            sp Santiago Aucejo Petzoldt
            Aakash Rao Aakash Rao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: