[JS-1940] Replace jdom 1.1 with another implementation due to 3rd party vulnerability CVE-2021-33814 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Dismissed (View Workflow)
Priority: Minor
Resolution: Won't Fix
Affects Version/s: 1.13.9
Fix Version/s: 1.13.10
Component/s: None
Labels:
None

CVE-ID:
CVE-2021-33814

Description

Current Situation

Currently the JobScheduler Master uses jdom version 1.1 during its build process to generate C++ code
A vulnerability affects this version of jdom,
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33814

Mitigation

jdom is not included with the JobScheduler distribution., therefore there is no threat involved for users of JobScheduler.
JobScheduler branch 1.x (JS1) is currently replaced by branch 2.x (JS7) that does not make use of jdom.

Attachments

Activity

People

Assignee:: Andreas Püschel

Reporter:: Santiago Aucejo Petzoldt

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13 August 2021 06:56

Updated:: 14 December 2021 10:10

Resolved:: 13 December 2021 10:08