Vulnerabilities in Hazelcast Eureka used by Hazelcast Jet Enterprise Openshift

[gurbuzali]

openshift image uses Hazelcast Eureka version 1.1.2 which depends on some libraries with vulnerabilities

It depends com.fasterxml.jackson.core:jackson-databind:2.8.7 which includes following vulnerability

• https://nvd.nist.gov/vuln/detail/CVE-2019-12384 fixed in version 2.9.10

it depends org.apache.httpcomponents:httpclient:4.5.3 which includes following vulnerability

• CVE-2020-13956 fixed in version 4.5.13

It depends org.apache.logging.log4j:log4j-core:2.12.1 which includes following vulnerability

• CVE-2020-9488 fixed in version 2.13.2

It depends com.thoughtworks.xstream:xstream:1.4.11.1 which includes following vulnerabilities

• https://nvd.nist.gov/vuln/detail/CVE-2021-21342, https://nvd.nist.gov/vuln/detail/CVE-2021-21344, https://nvd.nist.gov/vuln/detail/CVE-2021-21345, https://nvd.nist.gov/vuln/detail/CVE-2021-21346, https://nvd.nist.gov/vuln/detail/CVE-2021-21347, https://nvd.nist.gov/vuln/detail/CVE-2021-21350, https://nvd.nist.gov/vuln/detail/CVE-2021-21351, fixed in version 1.4.16
• https://nvd.nist.gov/vuln/detail/CVE-2020-26217 fixed in version 1.4.14-jdk7
• https://nvd.nist.gov/vuln/detail/CVE-2020-26258 fixed in version 1.4.15
• https://nvd.nist.gov/vuln/detail/CVE-2021-21341, https://nvd.nist.gov/vuln/detail/CVE-2021-21343, https://nvd.nist.gov/vuln/detail/CVE-2021-21348, https://nvd.nist.gov/vuln/detail/CVE-2021-21349 fixed in version 1.4.16
• https://nvd.nist.gov/vuln/detail/CVE-2021-29505 fixed in version 1.4.17
• https://nvd.nist.gov/vuln/detail/CVE-2020-26259 fixed in version 1.4.15

[gurbuzali]

these vulnerabilities are fixed in this branch