  1. JOC - JobScheduler Operations Center
  2. JOC-876

Update use of shiro-core version to >= 1.4.2 due to 3rd party vulnerability issue CVE-2019-12422

Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 1.12, 1.13
    • 1.12.13, 1.13.4
    • None
    • None
    • CVE-2019-12422

    Description

      Current Situation

      Currently JOC Cockpit uses shiro-core version 1.2.3.
      A vulnerability affects this version, see https://nvd.nist.gov/vuln/detail/CVE-2019-12422

      Desired Behavior

      Because of a vulnerability in older shiro-core releases, JOC Cockpit should use the current version 1.5.0, which fixes the issue.

      Maintainer Notes

      Please note: JOC Cockpit does not make use of the Shiro remember-me functionality and is therefore not impacted by this vulnerability.
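
      A check for confirming the upgrade on a deployed installation, as an added example that is not part of the original issue or of JobScheduler's own code: it scans a directory tree, including jars bundled inside .war/.ear/.jar archives, for shiro-core jars older than the 1.4.2 named in the issue title. It assumes the usual `shiro-core-<version>.jar` file naming; all function names are hypothetical.

```python
import re
import zipfile
from pathlib import Path

FIXED = (1, 4, 2)  # minimum shiro-core version named in the issue title
# Assumption: jars follow the usual shiro-core-<version>[-qualifier].jar naming.
JAR_RE = re.compile(r"(?:^|/)shiro-core-(\d+(?:\.\d+)*)[^/]*\.jar$")

def parse_version(text):
    """Turn '1.2.3' into (1, 2, 3), padded to three parts for comparison."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def shiro_versions(root):
    """Yield (location, version) for every shiro-core jar under root,
    including jars bundled inside .war/.ear/.jar archives."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        m = JAR_RE.search(path.name)
        if m:
            yield str(path), parse_version(m.group(1))
        if path.suffix.lower() in {".war", ".ear", ".jar"}:
            try:
                with zipfile.ZipFile(path) as archive:
                    for name in archive.namelist():
                        m = JAR_RE.search(name)
                        if m:
                            yield f"{path}!{name}", parse_version(m.group(1))
            except zipfile.BadZipFile:
                continue  # not a readable archive; skip it

def outdated(root, minimum=FIXED):
    """Return the shiro-core jars whose version is below the minimum."""
    return [(loc, ver) for loc, ver in shiro_versions(root) if ver < minimum]

if __name__ == "__main__":
    import sys
    for loc, ver in outdated(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"shiro-core {'.'.join(map(str, ver))} < 1.4.2: {loc}")
```

      Run it with the installation directory as the only argument; no output means no shiro-core jar below 1.4.2 was found.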

            People

              sp Santiago Aucejo Petzoldt
              Uwe Risse