Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-3788

Upgrade spring to 5.3.20

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.2.0
    • 3.0.0
    • admin
    • None

    Description

      https://nvd.nist.gov/vuln/detail/CVE-2022-22970

      https://nvd.nist.gov/vuln/detail/CVE-2022-22971 

      https://github.com/spring-projects/spring-framework/releases/tag/v5.3.20 

      Spring seems to be vulnerable to DoS attacks when handling file uploads.

      We´ve got some Security Reports and need a fix in future releases.

      Upgrading to 5.3.20 should be enough.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. RANGER-4163 Upgrade spring framework to 5.3.26 and jettison to 1.5.4

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              z0ltrix Christian Pfarr
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h