[ https://issues.jboss.org/browse/TEIID-5823?page=com.atlassian.jira.plugin... ]
Steven Hawkins commented on TEIID-5823:
---------------------------------------
The lucene change is from 5.5.4 to 7.1.0. This is used by hibernate-search-engine under
infinispan. Even the latest version of that dependency uses 5.5.5. Upstream I'm
going to update our infinispan dependency, but otherwise remove the lucene change. The
expectation is that infinispan and/or hibernate will address this.
CVE's in jboss-fuse/teiid
-------------------------
Key: TEIID-5823
URL: https://issues.jboss.org/browse/TEIID-5823
Project: Teiid
Issue Type: Quality Risk
Components: Build/Kits
Affects Versions: 13.x, 12.3.1
Reporter: Van Halbert
Assignee: Van Halbert
Priority: Blocker
Fix For: 13.0, 7.5-12.3.1
*Branch/Tag*: 12.3.1.fuse-750011-redhat-00001
* *Severity*: High
1. apache commons collections
   * Vulnerability ID: CVE-2015-6420
2. org.apache.lucene:lucene-queryparser - Remote Code Execution (RCE)
   * Vulnerability ID: CVE-2017-12629
3. org.slf4j:slf4j-ext - Access Restriction Bypass
   * Vulnerability ID: CVE-2018-8088
These changes will be committed to the teiid/teiid product branch 7.5-12.3.x and to
master.