Bug #23983 (closed)
Unimportant CVE on logback and icu4j
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
- logback, same as https://issues.rudder.io/issues/23982
- icu4j-23.1.1.jar: CVE-2016-6293(9.8), CVE-2011-4599(7.5), CVE-2016-7415(9.8), CVE-2014-7926(7.5), CVE-2017-17484(9.8), CVE-2017-7867(7.5), CVE-2014-9911(9.8), CVE-2014-7923(7.5), CVE-2020-10531(8.8), CVE-2014-8147(7.5), CVE-2014-9654(9.8), CVE-2014-7940(7.5), CVE-2017-14952(9.8), CVE-2017-7868(7.5), CVE-2014-8146(7.5), CVE-2015-5922(10.0) => false positive because the scanner believes we're using icu4j 23.1.1 (that version doesn't even exist), while we are using graalvm 23.1.1 that shadows icu4j.
Updated by François ARMAND 12 months ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND 12 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/5306
Updated by Anonymous 12 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|146f82f541a154db9c96ac4cb6cd44d605cca72d.
Updated by Vincent MEMBRÉ 9 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.1.0~alpha1 which was released today.