As an Information Security Specialist I want that the latest versions of dependency packages are upgraded so that there are no known vulnerabilities - Githubissues

vrk-kpa / xroad-joint-development

Unmaintained repository. Development moved to: https://github.com/nordic-institute/X-Road-development

19 stars 8 forks source link

As an Information Security Specialist I want that the latest versions of dependency packages are upgraded so that there are no known vulnerabilities #167

Closed hanhaka closed 6 years ago

hanhaka commented 7 years ago

Affected components: jruby, apache-mime4j-core, jackson-databind Affected documentation: - Estimated delivery: Q3/2017 External reference: https://jira.csc.fi/browse/PVAYLADEV-834

Problem Following dependencies are recommended to upgrade to avoid possible vulnerabilities:

apache-mime4j-core (version 0.8.1 available, possible fixing OWASP scanner findings)
jackson-databind (version 2.8.6 available, possible fixing OWASP scanner findings)
jruby (version 1.7.27 available)

Acceptance criteria

Latest versions of above dependencies are upgraded

hanhaka commented 6 years ago

Fixed in 6.16.0, https://github.com/ria-ee/X-Road/pull/61