[JS-1809] Update Spring Framework core to Version >= 4.3.17 due to 3rd party vulnerability issues in Spring Framework (CVE-2015-0201, CVE-2015-3192, CVE-2015-5211, CVE-2016-5007, CVE-2018-1257, CVE-2018-1270, CVE-2018-1272, CVE-2018-1275) - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.9.13, 1.10.10, 1.12
Fix Version/s: 1.9.14, 1.10.11, 1.12.8
Component/s: Job Scheduler Binaries
Labels:
None

CVE-ID:
CVE-2015-0201, CVE-2015-3192, CVE-2015-5211, CVE-2016-5007, CVE-2018-1257, CVE-2018-1270, CVE-2018-1272, CVE-2018-1275

Description

Current Situation

The JobScheduler currently uses the Spring Framework core in version 4.1.2 for JobScheduler integration tests.
For the vulnerability issues affecting the JobScheduler integration tests, see:

Desired Behavior

Due to vulnerability Issues of older Spring Framework core releases the JobScheduler should use the current version 4.3.10 that fixes the issues.

Maintainer Notes

The released versions of the JobScheduler are not affected by those vulnerabilities.
The vulnerability issues affect only the internally used integration tests.

Attachments

Activity

People

Assignee:: Joacim Zschimmer

Reporter:: Santiago Aucejo Petzoldt

Approver:: Santiago Aucejo Petzoldt

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18 October 2018 11:43

Updated:: 29 July 2020 21:34

Resolved:: 27 October 2018 11:03