[ 
https://issues.apache.org/jira/browse/ATLAS-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17142382#comment-17142382
 ] 

ASF subversion and git services commented on ATLAS-3854:
--------------------------------------------------------

Commit c8cf4765bb519fbe4cd4962ce9ab22999fdfaa4b in atlas's branch 
refs/heads/master from Mandar Ambawane
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=c8cf476 ]

ATLAS-3854 Upgrade Spring Security version to 4.2.16

Signed-off-by: Sarath Subramanian <sar...@apache.org>


> Upgrade Spring Security version to 4.2.16
> -----------------------------------------
>
>                 Key: ATLAS-3854
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3854
>             Project: Atlas
>          Issue Type: Bug
>            Reporter: Mandar Ambawane
>            Assignee: Mandar Ambawane
>            Priority: Major
>
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
> null initialization vector with CBC Mode in the implementation of the 
> queryable text encryptor. A malicious user with access to the data that has 
> been encrypted using such an encryptor may be able to derive the unencrypted 
> values using a dictionary attack.
> To resolve this, we need to upgrade Spring Security to 4.2.16.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
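
As an added example (not part of the Jira message or the Atlas code base): a defender-side check that applies the affected version ranges quoted in the issue description to `mvn dependency:list` output. The sample dependency lines are constructed, and `classify` and `scan` are hypothetical helper names.

```python
import re

# Affected ranges as stated in the ATLAS-3854 description:
# release line (major, minor) -> first fixed patch version on that line.
FIRST_FIXED = {(5, 3): 2, (5, 2): 4, (5, 1): 10, (5, 0): 16, (4, 2): 16}

# Maven coordinates as printed by `mvn dependency:list`:
# groupId:artifactId:type:version:scope
COORD = re.compile(
    r"(org\.springframework\.security):(spring-security-[\w-]+):\w+:"
    r"(\d+)\.(\d+)\.(\d+)([.\-][\w.]+)?:\w+")


def classify(major, minor, patch):
    """Return 'affected', 'fixed' or 'not-listed' for one version."""
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        # The issue text says nothing about this release line, so do not
        # report it as safe; leave it for manual review.
        return "not-listed"
    return "affected" if patch < fixed else "fixed"


def scan(dependency_list):
    """Return (artifact, version, status) for each Spring Security artifact."""
    findings = []
    for m in COORD.finditer(dependency_list):
        major, minor, patch = (int(m.group(i)) for i in (3, 4, 5))
        version = "%d.%d.%d%s" % (major, minor, patch, m.group(6) or "")
        findings.append((m.group(2), version, classify(major, minor, patch)))
    return findings


# Constructed sample input (not taken from the Atlas build).
SAMPLE = """\
[INFO]    org.springframework.security:spring-security-core:jar:4.2.15.RELEASE:compile
[INFO]    org.springframework.security:spring-security-web:jar:4.2.16.RELEASE:compile
[INFO]    org.springframework.security:spring-security-config:jar:5.1.9.RELEASE:compile
[INFO]    org.springframework.security:spring-security-ldap:jar:4.1.5.RELEASE:compile
[INFO]    org.springframework:spring-core:jar:4.3.20.RELEASE:compile
"""

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print("%-28s %-16s %s" % (artifact, version, status))
```

Release lines that the description does not mention are reported as `not-listed` rather than as fixed.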
