Details
- Task
- Status: Resolved
- Normal
- Resolution: Fixed
- None
- None
- HA
- 1
- HA 2021-01-27, HA 2021-02-10
- Security Fix
- Various security fixes
- Needs Assessment
Description
Triage and provide a response to the CVEs in SEC-274 for the puppetdb and pe-puppetdb Clojure dependencies.
Packages to investigate
bcprov-jdk15on-1.66.jar
commons-fileupload-1.3.1.jar (2014 Release year)
jetty-client-9.4.28.v20200408.jar
quartz-2.3.1.jar
shiro-core-1.4.1.jar (PE only)
tika-core-1.5.jar
websocket-server-9.4.28.v20200408.jar
commons-beanutils-1.9.2.jar (PE only)
commons-compress-1.17.jar
jackson-databind-2.10.0.jar
nippy-2.14.0.jar
snakeyaml-1.23.jar
Status
Package | Result |
---|---|
bcprov-jdk15on-1.66.jar | Upgraded to 1.68 |
commons-fileupload-1.3.1.jar | Upgraded to 1.4 |
jetty-client-9.4.28.v20200408.jar | Upgraded to 9.4.36 |
quartz-2.3.1.jar | Upgraded to 2.3.2 |
shiro-core-1.4.1.jar | Upgrade to 1.7.0 |
tika-core-1.5.jar | Removed dependency |
websocket-server-9.4.28.v20200408.jar | Upgraded to 9.4.36 |
commons-beanutils-1.9.2.jar | Upgraded to 1.9.4 |
commons-compress-1.17.jar | Upgraded to 1.20 |
jackson-databind-2.10.0.jar | Upgraded to 2.12.1 |
nippy-2.14.0.jar | Updated to 3.1.1 |
snakeyaml-1.23.jar | Upgraded to 1.27 |