----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72612/ -----------------------------------------------------------
(Updated June 22, 2020, 2:53 p.m.) Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, and Sarath Subramanian. Summary (updated) ----------------- ATLAS-3854: Upgrade Spring Security version to 4.2.16 Bugs: ATLAS-3854 https://issues.apache.org/jira/browse/ATLAS-3854 Repository: atlas Description ------- Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. To resolve this need to upgrade Spring security to 4.2.16 Diffs ----- pom.xml 8d02a6f Diff: https://reviews.apache.org/r/72612/diff/1/ Testing ------- PreCommit: https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/1970/console Thanks, Mandar Ambawane