BUILD-491

Mismatched vulnerabilities reported by CVE scan

      One or more dependencies were identified with known vulnerabilities in Magnolia DX Core webapp by CVE scan (see list below).

      Luckily for us they're just mismatches: https://nvd.nist.gov/vuln/detail/CVE-2020-36460 and https://nvd.nist.gov/vuln/detail/CVE-2020-36448 concern some Rust library Magnolia doesn't use.

      They'll be added to https://git.magnolia-cms.com/projects/BUILD/repos/poms/browse/build-resources/src/main/resources/magnolia-build-resources/dependency-check-mismatches-suppression.xml and also temporarily suppressed in dx-core (until next parent pom release).

      kie-dmn-api-7.33.0.Final.jar (pkg:maven/org.kie/kie-dmn-api@7.33.0.Final, cpe:2.3:a:model_project:model:7.33.0:*:*:*:*:*:*:*) : CVE-2020-36460  
      kie-dmn-feel-7.33.0.Final.jar (pkg:maven/org.kie/kie-dmn-feel@7.33.0.Final, cpe:2.3:a:model_project:model:7.33.0:*:*:*:*:*:*:*) : CVE-2020-36460
      kie-dmn-model-7.33.0.Final.jar (pkg:maven/org.kie/kie-dmn-model@7.33.0.Final, cpe:2.3:a:model_project:model:7.33.0:*:*:*:*:*:*:*) : CVE-2020-36460 
      kie-dmn-core-7.33.0.Final.jar (pkg:maven/org.kie/kie-dmn-core@7.33.0.Final, cpe:2.3:a:model_project:model:7.33.0:*:*:*:*:*:*:*) : CVE-2020-36460 
      kie-dmn-backend-7.33.0.Final.jar (pkg:maven/org.kie/kie-dmn-backend@7.33.0.Final, cpe:2.3:a:model_project:model:7.33.0:*:*:*:*:*:*:*) : CVE-2020-36460
      drools-canonical-model-7.33.0.Final.jar (pkg:maven/org.drools/drools-canonical-model@7.33.0.Final, cpe:2.3:a:model_project:model:7.33.0:*:*:*:*:*:*:*, cpe:2.3:a:redhat:drools:7.33.0:*:*:*:*:*:*:*) : CVE-2020-36460
      pmml-model-1.4.11.jar (pkg:maven/org.jpmml/pmml-model@1.4.11, cpe:2.3:a:model_project:model:1.4.11:*:*:*:*:*:*:*) : CVE-2020-36460 
      pmml-agent-1.4.11.jar (pkg:maven/org.jpmml/pmml-agent@1.4.11, cpe:2.3:a:model_project:model:1.4.11:*:*:*:*:*:*:*) : CVE-2020-36460 
      kie-soup-project-datamodel-commons-7.33.0.Final.jar (pkg:maven/org.kie.soup/kie-soup-project-datamodel-commons@7.33.0.Final, cpe:2.3:a:model_project:model:7.33.0:*:*:*:*:*:*:*) : CVE-2020-36460 
      
      magnolia-cache-core-5.9.4.jar (pkg:maven/info.magnolia.cache/magnolia-cache-core@5.9.4, cpe:2.3:a:cache_project:cache:5.9.4:*:*:*:*:*:*:*) : CVE-2020-36448 
      magnolia-advanced-cache-2.3.4.jar (pkg:maven/info.magnolia.advancedcache/magnolia-advanced-cache@2.3.4, cpe:2.3:a:cache_project:cache:2.3.4:*:*:*:*:*:*:*) : CVE-2020-36448 
      magnolia-advanced-cache-app-2.3.4.jar (pkg:maven/info.magnolia.advancedcache/magnolia-advanced-cache-app@2.3.4, cpe:2.3:a:cache_project:cache:2.3.4:*:*:*:*:*:*:*) : CVE-2020-36448 
      magnolia-advanced-cache-dpc-2.3.4.jar (pkg:maven/info.magnolia.advancedcache/magnolia-advanced-cache-dpc@2.3.4, cpe:2.3:a:cache_project:cache:2.3.4:*:*:*:*:*:*:*) : CVE-2020-36448 
      magnolia-advanced-cache-personalization-2.3.4.jar (pkg:maven/info.magnolia.advancedcache/magnolia-advanced-cache-personalization@2.3.4, cpe:2.3:a:cache_project:cache:2.3.4:*:*:*:*:*:*:*) : CVE-2020-36448
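
What suppressions for the two mismatches listed above could look like, as an added example and not the actual contents of Magnolia's dependency-check-mismatches-suppression.xml. It assumes the scan is OWASP Dependency-Check and uses its suppression schema (1.3); the regexes and notes are constructed from the package URLs and CPEs in the list.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, constructed from the scan list in this issue. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <!-- Mismatch 1: the "model_project:model" CPE was attached to KIE, Drools
       and JPMML jars. Suppressing the CPE (not just CVE-2020-36460) also
       keeps later CVEs filed against that CPE from reappearing on these jars.
       The separate redhat:drools CPE on drools-canonical-model is untouched,
       so genuine Drools findings are still reported. -->
  <suppress>
    <notes><![CDATA[
      False positive (BUILD-491): cpe model_project:model belongs to a Rust
      library, not to these Maven artifacts.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/(org\.kie/kie-dmn-(api|feel|model|core|backend)|org\.drools/drools-canonical-model|org\.jpmml/pmml-(model|agent)|org\.kie\.soup/kie-soup-project-datamodel-commons)@.*$</packageUrl>
    <cpe>cpe:/a:model_project:model</cpe>
  </suppress>

  <!-- Mismatch 2: the "cache_project:cache" CPE was attached to Magnolia's
       own cache modules (CVE-2020-36448 in the scan). The packageUrl regex
       limits the suppression to the five modules listed in the issue. -->
  <suppress>
    <notes><![CDATA[
      False positive (BUILD-491): cpe cache_project:cache belongs to a Rust
      library, not to Magnolia cache modules.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/info\.magnolia\.(cache/magnolia-cache-core|advancedcache/magnolia-advanced-cache(-app|-dpc|-personalization)?)@.*$</packageUrl>
    <cpe>cpe:/a:cache_project:cache</cpe>
  </suppress>

</suppressions>
```

Scoping each entry by package URL keeps the suppression from hiding the same CPE if it is ever matched on an unrelated dependency, where it would need its own review.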
      

              fgrilli Federico Grilli