[ 
https://issues.apache.org/jira/browse/ATLAS-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sarath Subramanian updated ATLAS-3854:
--------------------------------------
    Affects Version/s: 2.0.0

> Upgrade Spring Security version to 4.2.16
> -----------------------------------------
>
>                 Key: ATLAS-3854
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3854
>             Project: Atlas
>          Issue Type: Bug
>    Affects Versions: 2.0.0
>            Reporter: Mandar Ambawane
>            Assignee: Mandar Ambawane
>            Priority: Major
>
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
> null initialization vector with CBC Mode in the implementation of the 
> queryable text encryptor. A malicious user with access to the data that has 
> been encrypted using such an encryptor may be able to derive the unencrypted 
> values using a dictionary attack.
>  To resolve this need to upgrade Spring security to 4.2.16



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to