[jira] [Created] (RANGER-3788) Upgrade spring to 5.3.20

Christian Pfarr (Jira) Tue, 14 Jun 2022 01:06:08 -0700

Christian Pfarr created RANGER-3788:
---------------------------------------


             Summary: Upgrade spring to 5.3.20 
                 Key: RANGER-3788
                 URL: https://issues.apache.org/jira/browse/RANGER-3788
             Project: Ranger
          Issue Type: Bug
          Components: admin
    Affects Versions: 2.2.0
            Reporter: Christian Pfarr
             Fix For: 3.0.0, 2.3.0


[https://nvd.nist.gov/vuln/detail/CVE-2022-22970]

[https://nvd.nist.gov/vuln/detail/CVE-2022-22971] 

[https://github.com/spring-projects/spring-framework/releases/tag/v5.3.20] 

Spring seems to be vulnerable to DoS attacks when handling file uploads.

We´ve got some Security Reports and need a fix in future releases.

Upgrading to 5.3.20 should be enough.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Created] (RANGER-3788) Upgrade spring to 5.3.20

Reply via email to