View Issue Details

IDProjectCategoryView StatusLast Update
0004307SymmetricDSBugpublic2020-03-17 14:43
Reporterelong Assigned Toelong  
Priorityhigh 
Status closedResolutionfixed 
Product Version3.10.0 
Target Version3.11.7Fixed in Version3.11.7 
Summary0004307: Upgrade libraries with known vulnerabilities
DescriptionIn most cases, we're not using the vulnerable part of the library, but it's safer to just upgrade and avoid the assessment from security scans.

jackson-databind-2.9.8.jar -> 2.10.3
bcprov-jdk15on-1.59.jar -> 1.64
commons-beanutils-1.9.3.jar -> 1.9.4
spring-web-5.1.7.RELEASE.jar -> 5.2.3
jetty-9.4.19.v20190610 -> 9.4.26.v20200117
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Related Changesets

SymmetricDS: 3.11 54354257

2020-03-09 14:54:20

admin

Details Diff
0004307: Upgrade libraries with known vulnerabilities Affected Issues
0004307
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/BandwidthService.java Diff File

Issue History

Date Modified Username Field Change
2020-03-09 14:53 elong New Issue
2020-03-09 14:53 elong Status new => assigned
2020-03-09 14:53 elong Assigned To => elong
2020-03-09 14:53 elong Issue generated from: 0004306
2020-03-09 14:58 elong Status assigned => resolved
2020-03-09 14:58 elong Resolution open => fixed
2020-03-09 14:58 elong Fixed in Version => 3.11.7
2020-03-09 15:00 admin Changeset attached => SymmetricDS 3.11 54354257
2020-03-17 14:43 admin Status resolved => closed