jpos / jPOS-EE

jPOS Extended Edition
http://jpos.org
GNU Affero General Public License v3.0

Upgrade Versions - Fix Security Vulnerabilities #303

Closed flamaral256 closed 5 months ago

ar commented 6 months ago

Please detail which security vulnerabilities this PR addresses.

flamaral256 commented 6 months ago

Vulnerabilities + upgrades in this pull request:

org.slf4j:slf4j-api - just upgraded the version to the latest stable

ch.qos.logback:logback-classic - CVE-2023-6378

org.hibernate:hibernate-core - just upgraded the version to the latest stable

org.eclipse.jetty:jetty-server - just upgraded the version to the latest stable

com.google.guava:guava - CVE-2023-2976, CVE-2020-8908

org.jline:jline - Vulnerabilities from dependencies: CVE-2023-35887

io.netty:netty-handler - CVE-2023-4586, CVE-2023-34462

mysql:mysql-connector-java - Vulnerabilities from dependencies: CVE-2022-3510, CVE-2022-3509, CVE-2022-3171

com.mchange:c3p0 - just upgraded the version to the latest stable

org.postgresql:postgresql - CVE-2024-1597, CVE-2022-41946, CVE-2022-31197, CVE-2022-26520, CVE-2022-21724

org.flywaydb:flyway-core - Vulnerabilities from dependencies: CVE-2024-1597, CVE-2022-41946, CVE-2022-31197, CVE-2022-26520, CVE-2022-21724, CVE-2020-13692

org.elasticsearch.client:elasticsearch-rest-high-level-client - Vulnerabilities from dependencies: CVE-2024-23450, CVE-2023-46673, CVE-2023-31419, CVE-2023-31418, CVE-2023-31417, CVE-2022-23710, CVE-2022-23708

org.json:json - CVE-2023-5072, CVE-2022-45688