You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Brent Driskill (Jira)" <ji...@apache.org> on 2020/08/31 12:34:00 UTC
[jira] [Created] (GEODE-8471) Dependency security issues in
geode-core-1.12
Brent Driskill created GEODE-8471:
-------------------------------------
Summary: Dependency security issues in geode-core-1.12
Key: GEODE-8471
URL: https://issues.apache.org/jira/browse/GEODE-8471
Project: Geode
Issue Type: Bug
Components: build
Affects Versions: 1.12.0
Reporter: Brent Driskill
The following libraries need to be updated to patch security vulnerabilities:
beanutils: 1.9.3 -> 1.9.4
jgroups: 3.6.14 -> 3.6.20
apache-shiro: 1.4.1 -> 1.4.2
spring-web: 5.2.1 -> 5.2.8
These were found using the owasp security gradle plugin.
Related CVE's:
CVE-2018-1000613, CVE-2020-9547, CVE-2020-9548, CVE-2019-14379, CVE-2020-11619, CVE-2019-20330, CVE-2020-11620, CVE-2018-14719, CVE-2019-17531, CVE-2019-14540, CVE-2020-9546, CVE-2019-16942, CVE-2019-16943, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2019-17267, CVE-2019-16335, CVE-2018-14721, CVE-2019-14893, CVE-2020-8840, CVE-2018-14720, CVE-2019-14892, CVE-2017-5645, CVE-2019-5736, CVE-2014-0048, CVE-2019-15752, CVE-2018-1270, CVE-2020-1938
--
This message was sent by Atlassian Jira
(v8.3.4#803005)