Talend Component Kit / TCOMP-2770

Upgrade cxf to 3.5.9

    Description

      Title: [CVE-2024-29736] CWE-918: Server-Side Request Forgery (SSRF) (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2024-29736?component-type=maven&component-name=org.apache.cxf%2Fcxf-core&utm_source=ossindex-client&utm_medium=integration&utm_content=1.1.1
      Description: Apache CXF™ is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI.
      The Apache CXF team is proud to announce the availability of our latest patch releases! Over 19 JIRA issues were fixed for 4.0.5.

      These releases contain fixes for 3 different CVEs:

      https://cxf.apache.org/security-advisories.data/CVE-2024-29736.txt
      https://cxf.apache.org/security-advisories.data/CVE-2024-32007.txt
      https://cxf.apache.org/security-advisories.data/CVE-2024-41172.txt
      The bump is from version 3.5.8 to 3.5.9 because of this CVE.
      Related artifact: component-runtime/pom.xml, component-server-parent/component-server
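
      A bump of the cxf version in component-runtime/pom.xml only fixes the modules whose resolved classpath actually follows it: a module whose transitive dependency still pins an older cxf-core keeps the vulnerable jar. The script below is an added check, not code from this ticket or from component-runtime. It scans `mvn dependency:tree` output for org.apache.cxf artifacts that resolve below 3.5.9 and reports the module they belong to. The module names, coordinates and tree text in SAMPLE_TREE are constructed for the example, not real build output.

```python
"""Flag Apache CXF artifacts that still resolve below the fixed version.

Added example (not code from TCOMP-2770 or from component-runtime). Pipe the
output of `mvn dependency:tree` from the reactor root into it; with no piped
input it runs on the constructed SAMPLE_TREE below.
"""
import re
import sys
from typing import List, Tuple

FIXED_GROUP = "org.apache.cxf"
FIXED_VERSION = "3.5.9"  # first 3.5.x release carrying the CVE-2024-29736 fix

# Constructed sample mimicking `mvn dependency:tree` for a two-module reactor.
# Module names and coordinates are hypothetical, not real build output. The second
# module pulls cxf-core 3.5.8 directly, so the parent-pom bump never reaches it.
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.6.1:tree (default-cli) @ component-server ---
[INFO] org.example:component-server:war:1.0.0-SNAPSHOT
[INFO] +- org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.5.9:compile
[INFO] |  +- org.apache.cxf:cxf-core:jar:3.5.9:compile
[INFO] |  \- org.apache.cxf:cxf-rt-transports-http:jar:3.5.9:compile
[INFO] \- junit:junit:jar:4.13.2:test
[INFO] --- maven-dependency-plugin:3.6.1:tree (default-cli) @ component-tools ---
[INFO] org.example:component-tools:jar:1.0.0-SNAPSHOT
[INFO] +- org.apache.cxf:cxf-core:jar:3.5.8:compile
[INFO] \- org.example:legacy-client:jar:2.1.0:compile
[INFO]    \- (org.apache.cxf:cxf-core:jar:3.5.7:compile - omitted for conflict with 3.5.8)
"""

# group:artifact:type[:classifier]:version:scope, as printed by dependency:tree.
COORD_RE = re.compile(
    r"(?P<group>[A-Za-z0-9_.\-]+):(?P<artifact>[A-Za-z0-9_.\-]+):"
    r"(?P<type>[A-Za-z0-9_.\-]+)(?::(?P<classifier>[A-Za-z0-9_.\-]+))?:"
    r"(?P<version>\d[A-Za-z0-9_.\-]*):(?P<scope>compile|provided|runtime|test|system)"
)
# Header line the dependency plugin prints before each module's tree.
MODULE_RE = re.compile(r"@ (?P<module>[A-Za-z0-9_.\-]+) ---")


def parse_version(version: str) -> Tuple[Tuple[int, ...], str]:
    """Split '3.5.9-SNAPSHOT' into ((3, 5, 9), 'SNAPSHOT')."""
    nums: List[int] = []
    qual: List[str] = []
    for part in re.split(r"[.\-]", version):
        if part.isdigit() and not qual:
            nums.append(int(part))
        else:
            qual.append(part)
    return tuple(nums), "-".join(qual)


def version_lt(a: str, b: str) -> bool:
    """True if version a sorts before version b (numeric parts, then qualifier)."""
    na, qa = parse_version(a)
    nb, qb = parse_version(b)
    width = max(len(na), len(nb))
    na += (0,) * (width - len(na))
    nb += (0,) * (width - len(nb))
    if na != nb:
        return na < nb
    # Same numeric part: a qualifier (SNAPSHOT, RC1, ...) sorts before the plain release.
    if qa == qb:
        return False
    if not qa:
        return False
    if not qb:
        return True
    return qa < qb


def find_outdated(tree_text: str, group: str = FIXED_GROUP,
                  fixed_version: str = FIXED_VERSION) -> List[Tuple[str, str, str]]:
    """Return (module, artifact, version) for every resolved artifact of `group`
    whose version is lower than `fixed_version`.

    Entries marked "omitted for conflict" never reach the classpath, so they are
    skipped; the surviving entry for that artifact is the one that matters.
    """
    findings: List[Tuple[str, str, str]] = []
    module = "<root>"
    for line in tree_text.splitlines():
        header = MODULE_RE.search(line)
        if header:
            module = header.group("module")
            continue
        if "omitted for" in line:
            continue
        coord = COORD_RE.search(line)
        if coord and coord.group("group") == group \
                and version_lt(coord.group("version"), fixed_version):
            findings.append((module, coord.group("artifact"), coord.group("version")))
    return findings


def main() -> int:
    text = SAMPLE_TREE if sys.stdin.isatty() else sys.stdin.read()
    findings = find_outdated(text)
    for module, artifact, version in findings:
        print(f"{module}: {FIXED_GROUP}:{artifact} resolves to {version} (< {FIXED_VERSION})")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

      Run it as `mvn -q dependency:tree | python3 check_cxf.py` from the reactor root; a non-zero exit means some module still ships a cxf jar older than 3.5.9 and needs its own dependencyManagement entry or an exclusion. Adding `-Dverbose` to the Maven call makes the conflict-omitted entries visible, which the script deliberately ignores because they are not on the classpath.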

      Coverage information

      As it is only used by component-server-parent/component-server, the API test campaign and the connectors build check should cover most of the risk of the cxf bump.

          People

            acatoire Axel Catoire
            yyin Yueyan Yin