[SET-196] Update Xerces 2.11.0 to 2.12.0 due to 3rd party vulnerability issue CVE-2015-6420 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.12, 1.13
Fix Version/s: 1.12.13, 1.13.5
Labels:
None

CVE-ID:
CVE-2015-6420

Description

Current Situation

Currently JobScheduler components use Xerces version 2.11.0
A vulnerability affects this version, see https://nvd.nist.gov/vuln/detail/CVE-2015-6420 and https://www.cvedetails.com/cve/CVE-2015-6420/ https://nvd.nist.gov/vuln/detail/CVE-2015-6420

Desired Behavior

Due to a vulnerability Issue of older Xerces releases the JobScheduler components should use the current version 2.12.0 that fixes the issues.

Attachments

Issue Links

relates to

JS-1978 Update xerces 2.12.0 to 2.12.2 due to 3rd party vulnerability issue CVE-2022-23437

Released

Activity

People

Assignee:: Oliver Haufe

Reporter:: Andreas Püschel

Approver:: Kanika Agrawal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16 June 2020 10:49

Updated:: 28 January 2022 13:03

Resolved:: 16 June 2020 14:40