<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 02:16:28 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[JSFIELD-35] Major vulnerability in maven:org.yaml:snakeyaml:1.33</title>
                <link>https://jira.magnolia-cms.com/browse/JSFIELD-35</link>
                <project id="17181" key="JSFIELD">Java Script UI (App and Dialog Fields)</project>
                    <description>&lt;p&gt;The current version of the JSFIELD module&#160;&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
&amp;lt;dependency&amp;gt;
  &amp;lt;groupId&amp;gt;info.magnolia.ui&amp;lt;/groupId&amp;gt;
  &amp;lt;artifactId&amp;gt;magnolia-ui-framework-javascript&amp;lt;/artifactId&amp;gt;
  &amp;lt;version&amp;gt;2.0&amp;lt;/version&amp;gt;
&amp;lt;/dependency&amp;gt;&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;is dependent on maven:org.yaml:snakeyaml:1.33&lt;/p&gt;

&lt;p&gt;This dependency contains 1 medium and 1 major severity security issue and should be replaced:&lt;br/&gt;
&lt;a href=&quot;https://devhub.checkmarx.com/cve-details/CVE-2022-41854/?utm_source=jetbrains&amp;amp;utm_medium=referral&amp;amp;utm_campaign=idea&amp;amp;utm_term=maven&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://devhub.checkmarx.com/cve-details/CVE-2022-41854/?utm_source=jetbrains&amp;amp;utm_medium=referral&amp;amp;utm_campaign=idea&amp;amp;utm_term=maven&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://devhub.checkmarx.com/cve-details/CVE-2022-1471/?utm_source=jetbrains&amp;amp;utm_medium=referral&amp;amp;utm_campaign=idea&amp;amp;utm_term=maven&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://devhub.checkmarx.com/cve-details/CVE-2022-1471/?utm_source=jetbrains&amp;amp;utm_medium=referral&amp;amp;utm_campaign=idea&amp;amp;utm_term=maven&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="131590">JSFIELD-35</key>
            <summary>Major vulnerability in maven:org.yaml:snakeyaml:1.33</summary>
                <type id="4" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10890&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="10000" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/critical.svg">High</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="tmiyar">Teresa Miyar</assignee>
                                    <reporter username="mevelt">Michael Evelt</reporter>
                        <labels>
                    </labels>
                <created>Tue, 18 Apr 2023 10:42:12 +0200</created>
                <updated>Wed, 24 Jan 2024 20:22:52 +0100</updated>
                            <resolved>Mon, 25 Sep 2023 16:35:53 +0200</resolved>
                                    <version>2.0</version>
                                    <fixVersion>2.0.2</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="353154" author="tmiyar" created="Tue, 18 Apr 2023 10:56:32 +0200"  >&lt;p&gt;Hi,&lt;/p&gt;

&lt;p&gt;Thank you for informing us, we will update it asap.&lt;/p&gt;</comment>
                            <comment id="353195" author="tmiyar" created="Tue, 18 Apr 2023 12:36:00 +0200"  >&lt;p&gt;Hi,&lt;/p&gt;

&lt;p&gt;It is a known issue that affects core, it is being handled already &lt;a href=&quot;https://jira.magnolia-cms.com/browse/MAGNOLIA-8879&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.magnolia-cms.com/browse/MAGNOLIA-8879&lt;/a&gt;, we will update the dependency to Magnolia once it is solved&lt;/p&gt;</comment>
                            <comment id="353201" author="JIRAUSER23122" created="Tue, 18 Apr 2023 13:06:26 +0200"  >&lt;p&gt;Perfect!&lt;/p&gt;


&lt;p&gt;Could you inform me, as soon as the change is published, since I have no reading access to the referenced ticket.&lt;/p&gt;</comment>
                            <comment id="353216" author="tmiyar" created="Tue, 18 Apr 2023 13:39:31 +0200"  >&lt;p&gt;Yes, also, they have confirmed that Magnolia is not affected by any of those CVE&apos;s&lt;/p&gt;</comment>
                            <comment id="353224" author="JIRAUSER23122" created="Tue, 18 Apr 2023 13:57:43 +0200"  >&lt;p&gt;Hi,&lt;br/&gt;
that is good to know.&lt;/p&gt;</comment>
                            <comment id="357567" author="tmiyar" created="Wed, 17 May 2023 14:23:24 +0200"  >&lt;p&gt;Hi,&lt;/p&gt;

&lt;p&gt;Magnolia &lt;a href=&quot;https://jira.magnolia-cms.com/issues/?jql=project+%3D+MAGNOLIA+AND+fixVersion+%3D+6.2.34&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;6.2.34&lt;/a&gt; is out with the fix.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10360">
                    <name>Problem/Incident</name>
                                                                <inwardlinks description="is caused by">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>lvm.de</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 18 Apr 2023 10:56:32 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>czimmermann</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            38 weeks, 4 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>mevelt</customfieldvalue>
            <customfieldvalue>tmiyar</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|y09qnm:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            

    <customfieldvalue>Default subtasks template</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_13933" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Urgency (resolution)</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="15724"><![CDATA[Normal]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                </customfields>
    </item>
</channel>
</rss>