[
https://issues.apache.org/jira/browse/ATLAS-4915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896493#comment-17896493
]
ASF subversion and git services commented on ATLAS-4915:
--------------------------------------------------------
Commit 63b396a5ff42cea01b7d89a4c20a59f7e87d6be1 in atlas's branch
refs/heads/master from Disha Talreja
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=63b396a5f ]
ATLAS-4915: Upgrade Spring Security to 5.7.13/5.8.15/6.2.7/6.3.4+ due to
CVE-2024-38821
Signed-off-by: Radhika Kundam <[email protected]>
> Upgrade Spring Security to 5.7.13/5.8.15/6.2.7/6.3.4+ due to CVE-2024-38821
> ---------------------------------------------------------------------------
>
> Key: ATLAS-4915
> URL: https://issues.apache.org/jira/browse/ATLAS-4915
> Project: Atlas
> Issue Type: Task
> Components: atlas-core
> Reporter: Disha Talreja
> Assignee: Disha Talreja
> Priority: Major
> Attachments: ATLAS-4915.patch
>
>
> Upgrade Spring Security to 5.7.13/5.8.15/6.2.7/6.3.4+ due to CVE-2024-38821
> Affected versions of this package are vulnerable to Missing Authorization
> allowing Spring Security authorization rules to be bypassed for static
> resources.
> [https://nvd.nist.gov/vuln/detail/CVE-2024-38821]
> [https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-8309135]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
