Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
2.7.3
Description
The following 3rd party dependencies have to be eliminated/upgraded to a secure version based on the latest BlackDuck scan:
Current version | Upgrade to | CVE issue(s) |
---|---|---|
org.springframework:spring-web:jar:4.3.17.RELEASE | org.springframework:spring-web:jar:4.3.18.RELEASEĀ or the latest | CVE-2018-11039, CVE-2018-11040 |
jquery-1.8.3.min.js | 1.9.0rc1 or the latest | CVE-2011-4969, CVE-2015-9251, CVE-2012-6708 |
org.eclipse.jetty:jetty-server:jar:9.4.11.v20180605 | 9.4.12.v20180830 or the latest | CVE-2017-9735, CVE-2018-12536 |