Details
- Dependency upgrade
- Status: Closed
- Major
- Resolution: Fixed
- 2.17.0
- None
Description
Update hawtio to 2.13.4.
The existing 2.13.2 version used by the console uses an older version of commons-io that is susceptible to a path traversal CVE, https://nvd.nist.gov/vuln/detail/CVE-2021-29425, which affects versions < 2.7.0.
The only differences from 2.13.2 were dependency upgrades for commons-io and jackson to get various CVE fixes such as the above:
https://github.com/hawtio/hawtio/compare/hawtio-2.13.2...hawtio-2.13.4
Issue Links
- is part of: ARTEMIS-3347 update commons-io (Closed)