Uploaded image for project: 'JS - JobScheduler'
  1. JS - JobScheduler
  2. JS-2129

Upgrade bouncycastle bcprov-jdk15to18 to version 1.78.1 due to 3rd party vulnerabilities CVE-2024-29857, CVE-2024-30171, CVE-2024-30172

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • None
    • 2.7.0
    • None
    • None
    • CVE-2024-29857, CVE-2024-30171, CVE-2024-30172

    Description

      Current Situation

      Impact

      • We rate the impact to our software being low because
        • CVE-2024-30171 affects only pdf reader implementations which we do not use.
        • CVE-2024-30172 affects only ROS (Robot Operating System) and is already disputed by multiple vendors, rating process at NVD is ongoing
        • CVE-2024-29857 we can´t rate this issue as public description of the vulnerability is not available yet

      Desired Behavior

      • JS7 Controller, Agent and JOC should ship with the latest version 1.78.1 which solve the vulnerability issues.

      Attachments

        Activity

          People

            sp Santiago Aucejo Petzoldt
            sp Santiago Aucejo Petzoldt
            Oliver Haufe Oliver Haufe
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: