JS - JobScheduler
  1. JS - JobScheduler
  2. JS-1809

Update Spring Framework core to Version >= 4.3.17 due to vulnerability issues in Spring Framework (CVE-2015-0201, CVE-2015-3192, CVE-2015-5211, CVE-2016-5007, CVE-2018-1257, CVE-2018-1270, CVE-2018-1272, CVE-2018-1275)

    Details

    • CVE-ID:
      CVE-2015-0201, CVE-2015-3192, CVE-2015-5211, CVE-2016-5007, CVE-2018-1257, CVE-2018-1270, CVE-2018-1272, CVE-2018-1275

      Description

      Current Situation

      Desired Behavior

      • Due to vulnerability Issues of older Spring Framework core releases the JobScheduler should use the current version 4.3.10 that fixes the issues.

      Maintainer Notes

      • The released versions of the JobScheduler are not affected by those vulnerabilities.
      • The vulnerability issues affect only the internally used integration tests.

        Activity

        Hide
        Joacim Zschimmer added a comment - - edited

        spring-core 4.3.20

        spring is used for developement tests only.
        spring is not used or included in release.

        Show
        Joacim Zschimmer added a comment - - edited spring-core 4.3.20 spring is used for developement tests only. spring is not used or included in release.

          People

          • Assignee:
            Joacim Zschimmer
            Reporter:
            Santiago Aucejo Petzoldt
            Approver:
            Santiago Aucejo Petzoldt
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: