You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Brent Driskill (Jira)" <ji...@apache.org> on 2020/08/31 12:34:00 UTC

[jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

Brent Driskill created GEODE-8471:
-------------------------------------

             Summary: Dependency security issues in geode-core-1.12
                 Key: GEODE-8471
                 URL: https://issues.apache.org/jira/browse/GEODE-8471
             Project: Geode
          Issue Type: Bug
          Components: build
    Affects Versions: 1.12.0
            Reporter: Brent Driskill


The following libraries need to be updated to patch security vulnerabilities:

beanutils: 1.9.3 -> 1.9.4

jgroups: 3.6.14 -> 3.6.20

apache-shiro: 1.4.1 -> 1.4.2

spring-web: 5.2.1 -> 5.2.8

These were found using the owasp security gradle plugin.

Related CVE's: 

CVE-2018-1000613, CVE-2020-9547, CVE-2020-9548, CVE-2019-14379, CVE-2020-11619, CVE-2019-20330, CVE-2020-11620, CVE-2018-14719, CVE-2019-17531, CVE-2019-14540, CVE-2020-9546, CVE-2019-16942, CVE-2019-16943, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2019-17267, CVE-2019-16335, CVE-2018-14721, CVE-2019-14893, CVE-2020-8840, CVE-2018-14720, CVE-2019-14892, CVE-2017-5645, CVE-2019-5736, CVE-2014-0048, CVE-2019-15752, CVE-2018-1270, CVE-2020-1938



--
This message was sent by Atlassian Jira
(v8.3.4#803005)