Actions
Bug #24606
closedUpgrade postgresql since CVE-2024-1597 and ignore other JS CVEs
Pull Request:
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
When running dependency checks :
[2024-03-27T16:17:11.576Z] icu4j-23.1.1.jar (pkg:maven/org.graalvm.shadowed/icu4j@23.1.1, cpe:2.3:a:icu-project:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:international_components_for_unicode:23.1.1:*:*:*:*:*:*:*, cpe:2.3:a:unicode:unicode:23.1.1:*:*:*:*:*:*:*) : CVE-2017-15396, CVE-2017-15422, CVE-2020-21913
[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: ext-core-debug.js (pkg:javascript/ExtJS@3.1.0) : CVE-2010-4207, CVE-2012-5881
[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: jquery-1.3.2.js (pkg:javascript/jquery@1.3.2) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
[2024-03-27T16:17:11.576Z] lift-webkit_2.13-3.5.0.jar: jquery-1.4.4.js (pkg:javascript/jquery@1.4.4) : jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
[2024-03-27T16:17:11.577Z] postgresql-42.7.0.jar (pkg:maven/org.postgresql/postgresql@42.7.0, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.7.0:*:*:*:*:*:*:*) : CVE-2024-1597
The only potential issue is the one with postgresql which could be unsafe if the PreferQueryMode
JDBC option is changed.
We should upgrade to avoid being reported and risking this vulnerability.
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/5545
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|28e4551cca687b4ee7464dbe76cf28a7ace00be3.
Updated by Vincent MEMBRÉ 9 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.1.0~rc1 which was released today.
Actions