pentaho / pentaho-platform

Pentaho BA Server Core
http://www.pentaho.com

Known Security Vulnerabilities to be fixed #4788

Open dicaeffe opened 3 years ago

dicaeffe commented 3 years ago

Hello, version 9.0 (and above) of Pentaho has a few known CVEs (Common Vulnerabilities and Exposures) due to its dependencies.

Is it possible to fix those security issues by updating the versions reported below?

Apache Axis2/Java

Apache Log4j - log4j

jackson-databind

karaf

org.apache.xmlgraphics:batik-bridge

dicaeffe commented 3 years ago

Note: Bootstrap is recommended to be updated to 3.4.1

mariusssi commented 2 years ago

Hi. What about https://nvd.nist.gov/vuln/detail/CVE-2020-11987? Fix: batik 1.14

mariusssi commented 2 years ago

CVE-2022-21724 in postgresql, not fixed in 9.4.0.0-79
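A small dependency-version check, added here as an example and not part of the pentaho-platform project: it flags Maven coordinates whose version is below the minimum versions named in this thread (batik 1.14 for CVE-2020-11987, Bootstrap 3.4.1). The Bootstrap coordinate `org.webjars:bootstrap` and the sample dependency list are assumptions constructed for illustration; versions are compared numerically, padding shorter versions with zeros so that `1.14` and `1.14.0` are treated as equal.

```python
import re
from typing import Dict, List, Tuple

# Minimum fixed versions named in the thread. Keys are "group:artifact".
# The Bootstrap coordinate is an assumed webjar coordinate, not from the thread.
MIN_FIXED_VERSION: Dict[str, str] = {
    "org.apache.xmlgraphics:batik-bridge": "1.14",
    "org.webjars:bootstrap": "3.4.1",
}


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '1.9.1', '3.4.1' or '9.4.0.0-79' into a tuple of integers.
    Qualifiers such as '-SNAPSHOT' are dropped, so this is a plain numeric
    comparison, not full Maven version ordering."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_below(found: str, minimum: str) -> bool:
    """True when `found` is numerically lower than `minimum`.
    Tuples are zero-padded to equal length so '1.14' is not below '1.14.0'."""
    a, b = version_key(found), version_key(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def outdated(dependencies: List[str]) -> List[Tuple[str, str, str]]:
    """Return (coordinate, found_version, minimum_version) for each dependency
    line 'group:artifact:version' (as in `mvn dependency:list` output) that is
    below its threshold in MIN_FIXED_VERSION. Unknown coordinates are skipped."""
    findings = []
    for dep in dependencies:
        group, artifact, version = dep.strip().split(":")[:3]
        coord = f"{group}:{artifact}"
        minimum = MIN_FIXED_VERSION.get(coord)
        if minimum is not None and is_below(version, minimum):
            findings.append((coord, version, minimum))
    return findings


# Constructed sample input; the versions are made up for illustration.
SAMPLE_DEPENDENCIES = [
    "org.apache.xmlgraphics:batik-bridge:1.9.1",
    "org.webjars:bootstrap:3.3.7",
    "org.apache.xmlgraphics:batik-bridge:1.14",
    "com.fasterxml.jackson.core:jackson-databind:2.9.0",
]

if __name__ == "__main__":
    for coord, found, minimum in outdated(SAMPLE_DEPENDENCIES):
        print(f"{coord}: {found} is below fixed version {minimum}")
```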