Bug #26707
Upgrade spring security dependency to correct CVE-2025-22228
Status: Pending technical review
Priority: N/A
Assignee:
Category: Security
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
There's a funny, low-impact CVE (CVE-2025-22228) impacting us. Hopefully, no user used a password of more than 72 chars :)
NOTE: we don't even use that implementation of bcrypt (we use the one from bouncycastle, which seems to be clean). But green must be green for CISO.
Updated by François ARMAND 10 days ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/6315