-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72612/#review221044
-----------------------------------------------------------

Ship it!

Ship It!

- Sarath Subramanian

On June 22, 2020, 7:53 a.m., Mandar Ambawane wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72612/
> -----------------------------------------------------------
>
> (Updated June 22, 2020, 7:53 a.m.)
>
> Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues,
> and Sarath Subramanian.
>
> Bugs: ATLAS-3854
>     https://issues.apache.org/jira/browse/ATLAS-3854
>
> Repository: atlas
>
> Description
> -------
>
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed
> null initialization vector with CBC Mode in the implementation of the
> queryable text encryptor. A malicious user with access to the data that has
> been encrypted using such an encryptor may be able to derive the unencrypted
> values using a dictionary attack.
>
> To resolve this, we need to upgrade Spring Security to 4.2.16.
>
> Diffs
> -----
>
> pom.xml 8d02a6f
>
> Diff: https://reviews.apache.org/r/72612/diff/1/
>
> Testing
> -------
>
> PreCommit:
> https://builds.apache.org/job/PreCommit-ATLAS-Build-Test/1970/console
>
> Thanks,
>
> Mandar Ambawane
>
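
Added example, not part of the review e-mail or of the Atlas code base: a check that classifies a Spring Security version against the affected ranges listed in the description above, comparing numerically so that 5.1.9 sorts before 5.1.10. The function names, the `spring.security.version` property name and the sample POM are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# First fixed release per affected branch, as listed in the review description.
FIRST_FIXED = {
    (5, 3): (5, 3, 2),
    (5, 2): (5, 2, 4),
    (5, 1): (5, 1, 10),
    (5, 0): (5, 0, 16),
    (4, 2): (4, 2, 16),
}

def parse_version(text):
    """Return (major, minor, patch) from strings such as '4.2.16.RELEASE'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(version_text):
    """'affected', 'fixed', or 'unlisted' (branch not named in the description)."""
    version = parse_version(version_text)
    fixed = FIRST_FIXED.get(version[:2])
    if fixed is None:
        return "unlisted"
    # Tuple comparison is numeric, unlike comparing the raw version strings.
    return "affected" if version < fixed else "fixed"

def pom_property(pom_xml, name):
    """Read one <properties> entry from a pom.xml string, ignoring the XML namespace."""
    root = ET.fromstring(pom_xml)
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "properties":
            for child in elem:
                if child.tag.rsplit("}", 1)[-1] == name:
                    return (child.text or "").strip()
    return None

# Constructed sample; the property name is an assumption, not taken from the Atlas pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <spring.security.version>4.2.15.RELEASE</spring.security.version>
  </properties>
</project>"""

if __name__ == "__main__":
    v = pom_property(SAMPLE_POM, "spring.security.version")
    print(v, "->", classify(v))
```

A result of "unlisted" means only that the description does not name that branch, not that the branch is safe.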