[JS-1888] Update dom4j 1.6.1 to 2.1.3 due to 3rd party vulnerability issues CVE-2020-10683, CVE-2018-1000632 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.14, 1.13.5
Component/s: None
Labels:
None

CVE-ID:
CVE-2020-10683, CVE-2018-1000632

Description

Current Situation

Currently JobScheduler components use dom4j version 1.6.1
Two vulnerability affect this version,
- see https://nvd.nist.gov/vuln/detail/CVE-2020-10683 and https://www.cvedetails.com/cve/CVE-2020-10683
- see https://nvd.nist.gov/vuln/detail/CVE-2018-1000632 and https://www.cvedetails.com/cve/CVE-2018-1000632

Desired Behavior

Due to a vulnerability Issue of older dom4j releases the JobScheduler components should use the current version 2.1.3 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Andreas Püschel

Approver:: Oliver Haufe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28 July 2020 22:44

Updated:: 11 August 2020 13:59

Resolved:: 30 July 2020 10:33