You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Christian Pfarr (Jira)" <ji...@apache.org> on 2022/06/14 08:06:00 UTC

[jira] [Created] (RANGER-3788) Upgrade spring to 5.3.20

Christian Pfarr created RANGER-3788:
---------------------------------------

             Summary: Upgrade spring to 5.3.20 
                 Key: RANGER-3788
                 URL: https://issues.apache.org/jira/browse/RANGER-3788
             Project: Ranger
          Issue Type: Bug
          Components: admin
    Affects Versions: 2.2.0
            Reporter: Christian Pfarr
             Fix For: 3.0.0, 2.3.0


[https://nvd.nist.gov/vuln/detail/CVE-2022-22970]

[https://nvd.nist.gov/vuln/detail/CVE-2022-22971] 

[https://github.com/spring-projects/spring-framework/releases/tag/v5.3.20] 

Spring seems to be vulnerable to DoS attacks when handling file uploads.

We´ve got some Security Reports and need a fix in future releases.

Upgrading to 5.3.20 should be enough.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)