[teiid-issues] [JBoss JIRA] (TEIID-5823) CVE's in jboss-fuse/teiid

Steven Hawkins (Jira) issues at jboss.org
Tue Oct 15 09:58:02 EDT 2019


    [ https://issues.jboss.org/browse/TEIID-5823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13799711#comment-13799711 ] 

Steven Hawkins commented on TEIID-5823:
---------------------------------------

The lucene change is from 5.5.4 to 7.1.0.  This is used by hibernate-search-engine under infinispan.  Even the latest version of that dependency uses 5.5.5.  Upstream I'm going to update our infinispan dependency, but otherwise remove the lucene change.  The expectation is that infinispan and/or hibernate will address this.

> CVE's in jboss-fuse/teiid
> -------------------------
>
>                 Key: TEIID-5823
>                 URL: https://issues.jboss.org/browse/TEIID-5823
>             Project: Teiid
>          Issue Type: Quality Risk
>          Components: Build/Kits
>    Affects Versions: 13.x, 12.3.1
>            Reporter: Van Halbert
>            Assignee: Van Halbert
>            Priority: Blocker
>             Fix For: 13.0, 7.5-12.3.1
>
>
> *Branch/Tag*: 12.3.1.fuse-750011-redhat-00001
> * *Severity*: High
> 1.  apache commons collections
> *  Vulnerability ID: CVE-2015-6420
> 2.  org.apache.lucene:lucene-queryparser - Remote Code Execution (RCE)
> * Vulnerability ID: CVE-2017-12629
> 3.  org.slf4j:slf4j-ext - Access Restriction Bypass
> *  Vulnerability ID: CVE-2018-8088
> These changes will be committed to the teiid/teiid product branch 7.5-12.3.x and to master.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

