[SET-195] Update Google Guava 21.0 to 24.1.1 due to 3rd party vulnerability issue CVE-2018-10237 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.12, 1.13
Fix Version/s: 1.12.13, 1.13.5
Labels:
None

CVE-ID:
CVE-2018-10237

Description

Current Situation

Currently JOC Cockpit and JobScheduler Master/Agent use Guava version 21.0
A vulnerability affects this version, see https://nvd.nist.gov/vuln/detail/CVE-2018-10237 and https://www.cvedetails.com/cve/CVE-2018-10237/ https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Desired Behavior

Due to a vulnerability Issue of older Jackson releases the JOC Cockpit as well as the JobScheduler Master/Agent should use the current version 24.1.1 that fixes the issues.

Attachments

Activity

People

Assignee:: Oliver Haufe

Reporter:: Andreas Püschel

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 16 June 2020 10:41

Updated:: 29 July 2020 21:29

Resolved:: 29 June 2020 08:22