-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72612/#review221044
-----------------------------------------------------------


Ship it!




Ship It!

- Sarath Subramanian


On June 22, 2020, 7:53 a.m., Mandar Ambawane wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72612/
> -----------------------------------------------------------
> 
> (Updated June 22, 2020, 7:53 a.m.)
> 
> 
> Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
> and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-3854
>     https://issues.apache.org/jira/browse/ATLAS-3854
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
> null initialization vector with CBC Mode in the implementation of the 
> queryable text encryptor. A malicious user with access to the data that has 
> been encrypted using such an encryptor may be able to derive the unencrypted 
> values using a dictionary attack.
> 
> To resolve this need to upgrade Spring security to 4.2.16
> 
> 
> Diffs
> -----
> 
>   pom.xml 8d02a6f 
> 
> 
> Diff: https://reviews.apache.org/r/72612/diff/1/
> 
> 
> Testing
> -------
> 
> PreCommit: 
> https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/1970/console
> 
> 
> Thanks,
> 
> Mandar Ambawane
> 
>

Reply via email to