You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Pradeep Agrawal (Jira)" <ji...@apache.org> on 2022/04/04 07:22:00 UTC
[jira] [Resolved] (RANGER-3691) Upgrade spring to 5.3.18 CVE-2022-22965
[ https://issues.apache.org/jira/browse/RANGER-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pradeep Agrawal resolved RANGER-3691.
-------------------------------------
Fix Version/s: 3.0.0
Assignee: kirby zhou
Resolution: Fixed
Commit link : https://github.com/apache/ranger/commit/9ffa882f731a3d13c6d0bc0791b2363fb9289672
> Upgrade spring to 5.3.18 CVE-2022-22965
> ---------------------------------------
>
> Key: RANGER-3691
> URL: https://issues.apache.org/jira/browse/RANGER-3691
> Project: Ranger
> Issue Type: Bug
> Components: admin, kms
> Reporter: kirby zhou
> Assignee: kirby zhou
> Priority: Blocker
> Fix For: 3.0.0
>
>
> [https://tanzu.vmware.com/security/cve-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]
> [https://github.com/spring-projects/spring-framework/releases]
>
> Spring has a new 0day Remote-Code-Execution problem, related to spring-beans and JDK9+
> Fixed at spring 5.3.18 / 5.2.20
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)