[jbosstools-issues] [JBoss JIRA] (JBIDE-26302) Reduce CVE issues in JBT seam bundles

Nick Boldt (JIRA) issues at jboss.org
Fri Aug 10 13:18:00 EDT 2018


Nick Boldt created JBIDE-26302:
----------------------------------

             Summary: Reduce CVE issues in JBT seam bundles
                 Key: JBIDE-26302
                 URL: https://issues.jboss.org/browse/JBIDE-26302
             Project: Tools (JBoss Tools)
          Issue Type: Bug
          Components: central-update
            Reporter: Nick Boldt
            Assignee: Nick Boldt
             Fix For: 4.9.0.AM3


Some CVE issues exist in fuse bundles:

{code:title=unpacked/devstudio-12.9.0.AM2-v20180808-0721-B3149-updatesite-core/}
org.fusesource.ide.camel.model.service.impl.v2151redhat621216_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl.v2151redhat621216_11.1.0.v20180723-1842.jar/libs/camel-core-2.15.1.redhat-621216.jar/META-INF/maven/org.apache.camel/camel-core
org.fusesource.ide.camel.model.service.impl.v2170redhat630347_11.1.0.v20180725-0619.jar/libs
org.fusesource.ide.camel.model.service.impl.v2170redhat630347_11.1.0.v20180725-0619.jar/libs/camel-core-2.17.0.redhat-630347.jar/META-INF/maven/org.apache.camel/camel-core
org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs/camel-core-2.18.1.redhat-000021.jar/META-INF/maven/org.apache.camel/camel-core
org.fusesource.ide.camel.model.service.impl.v2181redhat000021_11.1.0.v20180723-1842.jar/libs/camel-core-2.18.1.redhat-000021.jar/META-INF/maven/org.apache.camel/spi-annotations
org.fusesource.ide.camel.model.service.impl.v2203_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl.v2210fuse000077redhat1_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.camel.model.service.impl_11.1.0.v20180801-0947.jar/libs
org.fusesource.ide.jmx.activemq_11.1.0.v20180723-1842.jar/libs
org.fusesource.ide.wsdl2rest_11.1.0.v20180807-1302.jar/libs
{code}

Verification: check if we have fewer CVEs after updating to a newer version of fuse 11.1.x:

https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report/lastBuild/dependency-check-jenkins-pluginResult/HIGH/ vs. #103
https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/HIGH/ vs. build #87




--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

