<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Sun Feb 11 23:46:41 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>
    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[BUILD-946] Dismiss false positive protobuf vulnerability (CVE-2022-3509)</title>
                <link>https://jira.magnolia-cms.com/browse/BUILD-946</link>
                <project id="10330" key="BUILD">Build</project>
                    <description>&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
One or more dependencies were identified with known vulnerabilities in Magnolia DX Core webapp: 

[|https://jenkins.magnolia-cms.com/blue/organizations/jenkins/internal%2Fnightly-cve-scan/detail/master/836/pipeline#step-56-log-207]protobuf-java-3.19.6.jar (pkg:maven/com.google.protobuf/protobuf-java@3.19.6, cpe:2.3:a:google:protobuf-java:3.19.6:*:*:*:*:*:*:*) : CVE-2022-3509&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;No id according to &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-3509&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-3509&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;According to &lt;a href=&quot;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509&lt;/a&gt;&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;&lt;b&gt;Looks like a false positive: Magnolia uses version 3.19.6, therefore it should not be affected. CVE will be dismissed.&lt;/b&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="122279">BUILD-946</key>
            <summary>Dismiss false positive protobuf vulnerability (CVE-2022-3509)</summary>
                <type id="3" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10898&amp;avatarType=issuetype">Task</type>
                                            <priority id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/neutral.gif">Neutral</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="11">Done</resolution>
                                        <assignee username="fgrilli">Federico Grilli</assignee>
                                    <reporter username="fgrilli">Federico Grilli</reporter>
                        <labels>
                            <label>security</label>
                    </labels>
                <created>Mon, 14 Nov 2022 09:20:15 +0100</created>
                <updated>Thu, 8 Dec 2022 08:59:48 +0100</updated>
                            <resolved>Wed, 30 Nov 2022 10:30:12 +0100</resolved>
                                    <version>BOM 5.7.24</version>
                    <version>BOM 6.2.26</version>
                                                    <component>BOM</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                        <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                        
        <div style="margin-bottom: 8px;">
                            <div class="o-completion" style="display: flex; flex-shrink: 0;"><span title="All items are completed" class="aui-lozenge aui-lozenge-success" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span>1/1</span></span></div>
                    
            <div class="checklist-progress-bar-wrapper" style="">
        <div class="checklist-progress-bar" style="position: relative; width: 100%; background-color: #cccccc; margin-bottom: 2px; margin-top: 5px;">
                        <div class="checklist-progress" style="display: block; float: none; width: 100%; height: 2px; background: #14892c;">
                            </div>
        </div>
    </div>
        </div>
    
                                    <div style="display: flex; align-items: flex-start; padding: 0; margin-left: 12px; float: none; font-size: 14px;">
                                        <div style="cursor: default; text-align: left; flex-grow: 1; padding-right: 3px; margin-top: 2px;">
                                                
                                                
                                                <span style="text-decoration: line-through;">
                                                        <span>Remove temp suppression at https://git.magnolia-cms.com/projects/INTERNAL/repos/owasp-suppressionfiles/browse/files/dependency-check-dismissed-suppression.xml</span>

                        </span>
                    </div>
                                                                    <span style="padding-right: 1px; white-space: nowrap;">
                                                        
                                                        
                                                                                </span>
                                    </div>
                                            ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>had</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 12 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>fgrilli</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|y08b4a:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_14167" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Task DoR</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_12430" key="com.atlassian.teams:rm-teams-custom-field-team">
                        <customfieldname>Team</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[30]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_13933" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Urgency (resolution)</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="15724"><![CDATA[Normal]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>