[ https://issues.apache.org/jira/browse/ATLAS-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sarath Subramanian updated ATLAS-3854: -------------------------------------- Fix Version/s: 2.1.0 > Upgrade Spring Security version to 4.2.16 > ----------------------------------------- > > Key: ATLAS-3854 > URL: https://issues.apache.org/jira/browse/ATLAS-3854 > Project: Atlas > Issue Type: Bug > Affects Versions: 2.0.0 > Reporter: Mandar Ambawane > Assignee: Mandar Ambawane > Priority: Major > Fix For: 2.1.0 > > > Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x > prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed > null initialization vector with CBC Mode in the implementation of the > queryable text encryptor. A malicious user with access to the data that has > been encrypted using such an encryptor may be able to derive the unencrypted > values using a dictionary attack. > To resolve this need to upgrade Spring security to 4.2.16 -- This message was sent by Atlassian Jira (v8.3.4#803005)