[
https://issues.apache.org/jira/browse/SM-4315?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Luigi De Masi reopened SM-4315:
-------------------------------
Spring Batch is composed of two different libraries: spring-batch-core and
spring-batch-infrastructure.
In bundles-2020.03, only spring-batch-core has been released.
> Upgrade spring-batch from 3.0.8 to 3.0.10 to address CVE-2019-3774
> ------------------------------------------------------------------
>
> Key: SM-4315
> URL: https://issues.apache.org/jira/browse/SM-4315
> Project: ServiceMix
> Issue Type: Bug
> Components: bundles
> Reporter: Luigi De Masi
> Assignee: Freeman Yue Fang
> Priority: Major
> Fix For: bundles-2020.03
>
>
> A new security issue has been discovered in spring-batch versions 3.0.9,
> 4.0.1, 4.1.0 and older, described in
> [this|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3774] security
> report.
> According to the [Pivotal Vulnerability
> Report|https://pivotal.io/security/cve-2019-3774], addressing this issue
> requires upgrading to version 3.0.10.