Changes in Java Dependencies in v6.21.2
Central server
group | artifact | old version | new version | fixed CVEs |
|---|---|---|---|---|
net.java.dev.jna | jna | 4.2.2 | 4.5.2 | |
org.kohsuke | libpam4j | 1.8 | 1.11 | CVE-2017-12197 |
org.owasp.encoder | encoder | 1.2.1 | 1.2.2 | |
com.fasterxml.jackson.core | jackson-databind | 2.9.4 | 2.9.10 | CVE-2018-1000873, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-7489, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335 |
com.google.code.gson | gson | 2.7 | 2.8.5 | |
com.google.guava | guava | 26.0-jre | 28.0-jre | |
commons-configuration | commons-configuration | 1.9 | 1.10 | |
joda-time | joda-time | 2.1 | 2.10.3 | |
org.apache.commons | commons-lang3 | 3.4 | 3.9 | |
org.apache.james | apache-mime4j-core | 0.8.1 | 0.8.3 | |
org.apache.santuario | xmlsec | 2.0.8 | 2.1.4 | CVE-2019-12400 |
org.bouncycastle | bcpkix-jdk15on | 1.54 | 1.63 | CVE-2015-6644, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613 |
org.eclipse.jetty | jetty-server | 9.4.14.v20181114 | 9.4.20.v20190813 | CVE-2019-10241, CVE-2019-10247 |
org.quartz-scheduler | quartz | 2.1.6 | 2.3.1 | |
org.slf4j | jcl-over-slf4j | 1.7.12 | 1.7.26 | |
xerces | xercesImpl | 2.11.0.SP5 | 2.12.0 |
Security server
group | artifact | old version | new version | Fixed CVEs |
|---|---|---|---|---|
net.java.dev.jna | jna | 4.2.2 | 4.5.2 | |
org.kohsuke | libpam4j | 1.8 | 1.11 | CVE-2017-12197 |
org.owasp.encoder | encoder | 1.2.1 | 1.2.2 | |
com.fasterxml.jackson.core | jackson-databind | 2.9.4 | 2.9.10 | CVE-2018-1000873, CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2018-7489, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335 |
com.google.code.gson | gson | 2.7 | 2.8.5 | |
com.google.guava | guava | 26.0-jre | 28.0-jre | |
commons-configuration | commons-configuration | 1.9 | 1.10 | |
joda-time | joda-time | 2.1 | 2.10.3 | |
org.apache.commons | commons-lang3 | 3.4 | 3.9 | |
org.apache.james | apache-mime4j-core | 0.8.1 | 0.8.3 | |
org.apache.santuario | xmlsec | 2.0.8 | 2.1.4 | CVE-2019-12400 |
org.bouncycastle | bcpkix-jdk15on | 1.54 | 1.63 | CVE-2015-6644, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, CVE-2016-2427, CVE-2017-13098, CVE-2018-1000180, CVE-2018-1000613 |
org.eclipse.jetty | jetty-server | 9.4.14.v20181114 | 9.4.20.v20190813 | CVE-2019-10241, CVE-2019-10247 |
org.quartz-scheduler | quartz | 2.1.6 | 2.3.1 | |
org.slf4j | jcl-over-slf4j | 1.7.12 | 1.7.26 | |
xerces | xercesImpl | 2.11.0.SP5 | 2.12.0 | |
org.eclipse.jetty | jetty-xml | 9.4.14.v20181114 | 9.4.20.v20190813 | CVE-2019-10241, CVE-2019-10247 |