Project

General

Profile

Actions

Bug #24004

closed

Bug #24003: Update antisamy for security issue (CVE-2023-43643)

Add neko-htmlUnit as dependency due to security checks

Added by Vincent MEMBRÉ 11 months ago. Updated 10 months ago.

Status:
Released
Priority:
N/A
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

CVE https://nvd.nist.gov/vuln/detail/CVE-2023-49093 in neko < 3.9.0 is quite important. this is a dependency from antisamy that has been bumped to 2.7.4 in #24003

We also need to remove a dependency on batik-css that was needed in antisamy 2.7.3

Actions #1

Updated by Vincent MEMBRÉ 11 months ago

  • Target version set to 7.3
Actions #2

Updated by Vincent MEMBRÉ 11 months ago

  • Status changed from New to In progress
  • Assignee set to Vincent MEMBRÉ
Actions #3

Updated by Vincent MEMBRÉ 11 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to Clark ANDRIANASOLO
  • Pull Request set to https://github.com/Normation/rudder-plugins/pull/631
Actions #4

Updated by Anonymous 11 months ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Alexis Mousset 10 months ago

  • Fix check changed from To do to Checked
Actions #6

Updated by Vincent MEMBRÉ 10 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder plugin openscap v8.1.0.alpha1-2.1

Actions #7

Updated by Vincent MEMBRÉ 10 months ago

This bug has been fixed in Rudder plugin openscap v8.0.5-2.1

Actions #8

Updated by Vincent MEMBRÉ 10 months ago

This bug has been fixed in Rudder plugin openscap v7.3.11-2.1

Actions

Also available in: Atom PDF