0004307: Upgrade libraries with known vulnerabilities - SymmetricDS

ID	Project	Category	View Status	Date Submitted	Last Update

0004307	SymmetricDS	Bug	public	2020-03-09 18:53	2020-03-17 18:43

Reporter	elong	Assigned To	elong
Priority	high
Status	closed	Resolution	fixed
Product Version	3.10.0
Target Version	3.11.7	Fixed in Version	3.11.7

Summary	0004307: Upgrade libraries with known vulnerabilities
Description	In most cases, we're not using the vulnerable part of the library, but it's safer to just upgrade and avoid the assessment from security scans. jackson-databind-2.9.8.jar -> 2.10.3 bcprov-jdk15on-1.59.jar -> 1.64 commons-beanutils-1.9.3.jar -> 1.9.4 spring-web-5.1.7.RELEASE.jar -> 5.2.3 jetty-9.4.19.v20190610 -> 9.4.26.v20200117
Tags	No tags attached.

Date Modified	Username	Field	Change
2020-03-09 18:53	elong	New Issue
2020-03-09 18:53	elong	Status	new => assigned
2020-03-09 18:53	elong	Assigned To	=> elong
2020-03-09 18:53	elong	Issue generated from: 0004306
2020-03-09 18:58	elong	Status	assigned => resolved
2020-03-09 18:58	elong	Resolution	open => fixed
2020-03-09 18:58	elong	Fixed in Version	=> 3.11.7
2020-03-09 19:00	admin	Changeset attached	=> SymmetricDS 3.11 54354257
2020-03-17 18:43	admin	Status	resolved => closed

SymmetricDS: 3.11 54354257 2020-03-09 14:54:20 admin Details Diff	0004307: Upgrade libraries with known vulnerabilities		Affected Issues 0004307
	mod - symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/BandwidthService.java		Diff File