You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Ilya Kasnacheev (Jira)" <ji...@apache.org> on 2020/04/22 08:37:00 UTC
[jira] [Updated] (IGNITE-9349) Update Spring Data 2x and 1x and
Spring 5x and 4x versions
[ https://issues.apache.org/jira/browse/IGNITE-9349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilya Kasnacheev updated IGNITE-9349:
------------------------------------
Security: (was: Private)
> Update Spring Data 2x and 1x and Spring 5x and 4x versions
> ----------------------------------------------------------
>
> Key: IGNITE-9349
> URL: https://issues.apache.org/jira/browse/IGNITE-9349
> Project: Ignite
> Issue Type: Task
> Components: spring
> Affects Versions: 2.6
> Reporter: Dmitry Pavlov
> Assignee: Dmitry Pavlov
> Priority: Critical
> Labels: important, vulnerability
> Fix For: 2.7
>
>
> CVE-2018-1257 - Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17-, needs to be fixed
> CVE-2018-1258 - Spring Framework versions prior to 5.0.6, needs to be fixed
> following vulnerabilities are actual for Ignite dependencies at the master because spring version are 4.3.16 & 5.0.5
> CVE-2018-1259 - Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7
> CVE-2018-1273 - Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5
> Spring-data and spring-data-2-0 need versions update.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)