-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72612/
-----------------------------------------------------------
(Updated June 22, 2020, 2:53 p.m.)
Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues,
and Sarath Subramanian.
Summary (updated)
-----------------
ATLAS-3854: Upgrade Spring Security version to 4.2.16
Bugs: ATLAS-3854
https://issues.apache.org/jira/browse/ATLAS-3854
Repository: atlas
Description
-------
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x
prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed
null initialization vector with CBC Mode in the implementation of the queryable
text encryptor. A malicious user with access to the data that has been
encrypted using such an encryptor may be able to derive the unencrypted values
using a dictionary attack.
To resolve this need to upgrade Spring security to 4.2.16
Diffs
-----
pom.xml 8d02a6f
Diff: https://reviews.apache.org/r/72612/diff/1/
Testing
-------
PreCommit: https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/1970/console
Thanks,
Mandar Ambawane
