[ https://issues.apache.org/jira/browse/SM-4312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luigi De Masi reopened SM-4312:
-------------------------------
Spring Batch is composed of two different libraries: spring-batch-core and
spring-batch-infrastructure.
In bundles-2020.03, only spring-batch-core has been released.
> Upgrade spring-batch from 4.0.1 to 4.0.2 to address CVE-2019-3774
> -----------------------------------------------------------------
>
> Key: SM-4312
> URL: https://issues.apache.org/jira/browse/SM-4312
> Project: ServiceMix
> Issue Type: Bug
> Reporter: Luigi De Masi
> Assignee: Freeman Yue Fang
> Priority: Major
> Fix For: bundles-2020.03
>
>
> A new security issue has been discovered in spring-batch versions 3.0.9,
> 4.0.1, 4.1.0 and older, described in
> [this|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3774] security
> report.
> According to the [Pivotal Vulnerability Report|https://pivotal.io/security/cve-2019-3774],
> addressing this issue requires upgrading to version 4.0.2.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)