  1. WebTop
  2. WT-1100

Bump libraries versions

Details

    • Improvement
    • Status: Closed
    • Medium
    • Resolution: Done
    • Core
    • None
    • 0.0.0
    • develop
    • 5.14.0
    • wt-5.17.0
    • 0535

    Description

      Many of the internal dependency libraries are outdated; we need to upgrade them:

      • HikariCP
        We are using an unsupported package compiled for Java7
      • SLF4J
        Recent issues that affected Log4j pushed some internal changes to make the implementation more robust
      • Logback
        Recent issues that affected Log4j pushed some internal changes to make the implementation more robust
      • Apache HTTPClient (< 4.5.13)
        Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
      • PostgreSQL driver (< 42.3.3)
        Vulnerabilities: Arbitrary File Write + Unchecked Class Instantiation when providing Plugin Classes
      • Apache Commons Configuration (< 2.7)
        Vulnerabilities: Remote code execution
      • Apache Commons IO (< 2.7)
        Vulnerabilities: Path Traversal and Improper Input Validation
      • Apache Xerces2 (< 2.12.0)
        Vulnerabilities: Infinite Loop + Denial of service
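
One way to check a build against the version floors listed above, as an added example that is not part of the ticket or the WebTop code base. It assumes `mvn dependency:list` output and the usual Maven coordinates for the five libraries that have a stated minimum (the ticket gives names only); HikariCP, SLF4J and Logback are left out because the ticket states no version for them.

```python
import re

# Minimum versions as stated in the ticket. The Maven coordinates are an
# assumption: the ticket names the libraries, not their group:artifact ids.
MINIMUM_VERSIONS = {
    "org.apache.httpcomponents:httpclient": "4.5.13",
    "org.postgresql:postgresql": "42.3.3",
    "org.apache.commons:commons-configuration2": "2.7",
    "commons-io:commons-io": "2.7",
    "xerces:xercesImpl": "2.12.0",
}

def version_key(version, width=4):
    """Leading numeric parts as a zero-padded tuple; '.jre7' etc. are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in match.group(0).split(".")] if match else []
    return tuple(parts[:width] + [0] * (width - len(parts)))

def parse_dependency_line(line):
    """Return (coordinate, version) for a `mvn dependency:list` line, else None."""
    fields = line.replace("[INFO]", "").strip().split(":")
    # group:artifact:type:version:scope, optionally with a classifier before version
    if len(fields) not in (5, 6) or " " in fields[0]:
        return None
    return f"{fields[0]}:{fields[1]}", fields[-2]

def find_outdated(lines):
    """Return (coordinate, found, minimum) for each dependency below its floor."""
    findings = []
    for coordinate, found in filter(None, map(parse_dependency_line, lines)):
        minimum = MINIMUM_VERSIONS.get(coordinate)
        # Numeric comparison: as plain strings "2.9.1" would sort above "2.12.0".
        if minimum and version_key(found) < version_key(minimum):
            findings.append((coordinate, found, minimum))
    return findings

# Constructed sample output, not taken from the WebTop build.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO]    org.postgresql:postgresql:jar:42.2.5.jre7:compile
[INFO]    commons-io:commons-io:jar:2.11.0:compile
[INFO]    xerces:xercesImpl:jar:2.9.1:compile
""".splitlines()

if __name__ == "__main__":
    for coordinate, found, minimum in find_outdated(SAMPLE):
        print(f"{coordinate}: {found} is below {minimum}")
```

Run against the resolved dependency list rather than the declared one, so that versions pulled in transitively are checked as well.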

          People

            Unassigned Unassigned
            matteo.albinola Matteo Albinola