PuppetDB / PDB-5000

Triage SEC-274 for PuppetDB and PE-PuppetDB

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PDB 6.14.0, PDB 7.1.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      HA
    • Story Points:
      1
    • Sprint:
      HA 2021-01-27, HA 2021-02-10
    • Release Notes:
      Security Fix
    • Release Notes Summary:
      Various security fixes
    • QA Risk Assessment:
      Needs Assessment

      Description

      Triage and provide a response to the CVEs in SEC-274 for the puppetdb and pe-puppetdb Clojure dependencies.

      Packages to investigate

      bcprov-jdk15on-1.66.jar
      commons-fileupload-1.3.1.jar (2014 Release year)
      jetty-client-9.4.28.v20200408.jar
      quartz-2.3.1.jar
      shiro-core-1.4.1.jar (PE only)
      tika-core-1.5.jar
      websocket-server-9.4.28.v20200408.jar
      commons-beanutils-1.9.2.jar (PE only)
      commons-compress-1.17.jar
      jackson-databind-2.10.0.jar
      nippy-2.14.0.jar
      snakeyaml-1.23.jar

      Status

      Package                                  Result
      bcprov-jdk15on-1.66.jar                  Upgraded to 1.68
      commons-fileupload-1.3.1.jar             Upgraded to 1.4
      jetty-client-9.4.28.v20200408.jar        Upgraded to 9.4.36
      quartz-2.3.1.jar                         Upgraded to 2.3.2
      shiro-core-1.4.1.jar                     Upgraded to 1.7.0
      tika-core-1.5.jar                        Removed dependency
      websocket-server-9.4.28.v20200408.jar    Upgraded to 9.4.36
      commons-beanutils-1.9.2.jar              Upgraded to 1.9.4
      commons-compress-1.17.jar                Upgraded to 1.20
      jackson-databind-2.10.0.jar              Upgraded to 2.12.1
      nippy-2.14.0.jar                         Updated to 3.1.1
      snakeyaml-1.23.jar                       Upgraded to 1.27

            People

            Assignee:
            austin.blatt Austin Blatt
            Reporter:
            austin.blatt Austin Blatt
