[jira] [Created] (ATLAS-3854) Upgrade Spring Security version to 4.2.16

Mandar Ambawane (Jira) Mon, 22 Jun 2020 03:24:03 -0700

Mandar Ambawane created ATLAS-3854:
--------------------------------------

             Summary: Upgrade Spring Security version to 4.2.16
                 Key: ATLAS-3854
                 URL: https://issues.apache.org/jira/browse/ATLAS-3854
             Project: Atlas
          Issue Type: Bug
            Reporter: Mandar Ambawane
            Assignee: Mandar Ambawane



Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
null initialization vector with CBC Mode in the implementation of the queryable 
text encryptor. A malicious user with access to the data that has been 
encrypted using such an encryptor may be able to derive the unencrypted values 
using a dictionary attack.
To resolve this need to upgrade Spring security to 4.2.16



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (ATLAS-3854) Upgrade Spring Security version to 4.2.16

Reply via email to