Issue: #52 (closed)
WhiteSource's Security vulnerabilities list contains alerts:
- spring-web-5.3.6.jar
- netty-codec-4.1.63.Final.jar
- netty-codec-4.1.63.Final.jar
- spring-security-oauth2-client-5.4.6.jar
- netty-all-4.1.63.Final.jar
- netty-handler-4.1.63.Final.jar
- gson-2.8.5.jar
- json-smart-2.4.2.jar
Alerts descriptions:
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-22118
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-37136
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-37137
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-22119
- https://github.com/netty/netty/issues/10362
- https://github.com/google/gson/pull/1991
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-31684
Updates:
- spring-boot.version: 2.4.5 -> 2.4.12
- netty-bom.version: 4.1.63.Final -> 4.1.70.Final
- json-smart.version: 2.4.7
- gson.version: 2.8.5 -> 2.8.9
Successful pipeline: https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/pipelines/77632
Related MRs:
- os-core-lib-azure: osdu/platform/system/lib/cloud/azure/os-core-lib-azure!165 (merged)
- entitlements: osdu/platform/security-and-compliance/entitlements!149 (merged)
- partition: osdu/platform/system/partition!117 (merged)
  - Successful pipeline: https://community.opengroup.org/osdu/platform/system/partition/-/pipelines/78619
- unit-service: osdu/platform/system/reference/unit-service!115 (merged)
- crs-conversion-service: osdu/platform/system/reference/crs-conversion-service!90 (merged)
- crs-catalog-service: osdu/platform/system/reference/crs-catalog-service!78 (merged)