[ATLAS-3854] Upgrade Spring Security version to 4.2.16 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.1.0
Component/s: atlas-core
Labels:
None

Description

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

To resolve this need to upgrade Spring security to 4.2.16

Attachments

Issue Links

links to

Code review

Precommit (branch-2.0)

Precommit (master)

Activity

People

Assignee:: Mandar Ambawane

Reporter:: Mandar Ambawane

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Jun/20 10:22

Updated:: 22/Jun/20 20:06

Resolved:: 22/Jun/20 20:06