[MGNLEE-601] DX Core - Manage three last libraries in dx-core CVE report Created: 19/Mar/20  Updated: 12/Feb/21  Resolved: 21/Mar/20

Status: Closed
Project: Magnolia DX Core
Component/s: None
Affects Version/s: None
Fix Version/s: 6.2

Type: Task Priority: Neutral
Reporter: Dai Ha Assignee: Dai Ha
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones BUILD-377 Manage three last libraries in dx-cor... Closed
is cloned by MGNLCE-222 CE - Manage three last libraries in d... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Epic Link: Security
Sprint: 6.2 Ramp-up 19, 6.2 Ramp-up 20
Story Points: 0

 Description   

commons-collections-3.1.jar

  • exclude in org.apache:jackrabbit-ocm:jar:2.0.0
  • check if any transitive commons-collections >= 3.2.2 drag in, otherwise manage the version in boms & sync with jackrabbit
  • re-check workflow functional

slf4j-ext-1.7.25

  • exclude in org.testcontainers:testcontainers
  • manage in pom, sync the version with current sl4j libs

groovy-all-2.2.1.jar

  • manage in boms, same version with groovy group
  • upgrade in magnolia-dx-core-integration-tests

postgresql-42.1.4.jre7.jar: notified cloud teams.


Generated at Mon Feb 12 05:31:34 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.