[jira] [Updated] (ATLAS-3854) Upgrade Spring Security version to 4.2.16

2020-06-22 Thread Sarath Subramanian (Jira)


 [ 
https://issues.apache.org/jira/browse/ATLAS-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sarath Subramanian updated ATLAS-3854:
--
Fix Version/s: 2.1.0

> Upgrade Spring Security version to 4.2.16
> -
>
> Key: ATLAS-3854
> URL: https://issues.apache.org/jira/browse/ATLAS-3854
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 2.0.0
> Reporter: Mandar Ambawane
> Assignee: Mandar Ambawane
> Priority: Major
> Fix For: 2.1.0
>
>
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
> null initialization vector with CBC Mode in the implementation of the 
> queryable text encryptor. A malicious user with access to the data that has 
> been encrypted using such an encryptor may be able to derive the unencrypted 
> values using a dictionary attack.
> To resolve this, we need to upgrade Spring Security to 4.2.16.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (ATLAS-3854) Upgrade Spring Security version to 4.2.16

2020-06-22 Thread Sarath Subramanian (Jira)


 [ 
https://issues.apache.org/jira/browse/ATLAS-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sarath Subramanian updated ATLAS-3854:
--
Component/s:  atlas-core

> Upgrade Spring Security version to 4.2.16
> -
>
> Key: ATLAS-3854
> URL: https://issues.apache.org/jira/browse/ATLAS-3854
> Project: Atlas
> Issue Type: Bug
> Components: atlas-core
> Affects Versions: 2.0.0
> Reporter: Mandar Ambawane
> Assignee: Mandar Ambawane
> Priority: Major
> Fix For: 2.1.0
>
>
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
> null initialization vector with CBC Mode in the implementation of the 
> queryable text encryptor. A malicious user with access to the data that has 
> been encrypted using such an encryptor may be able to derive the unencrypted 
> values using a dictionary attack.
> To resolve this, we need to upgrade Spring Security to 4.2.16.





[jira] [Updated] (ATLAS-3854) Upgrade Spring Security version to 4.2.16

2020-06-22 Thread Sarath Subramanian (Jira)


 [ 
https://issues.apache.org/jira/browse/ATLAS-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sarath Subramanian updated ATLAS-3854:
--
Affects Version/s: 2.0.0

> Upgrade Spring Security version to 4.2.16
> -
>
> Key: ATLAS-3854
> URL: https://issues.apache.org/jira/browse/ATLAS-3854
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 2.0.0
> Reporter: Mandar Ambawane
> Assignee: Mandar Ambawane
> Priority: Major
>
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
> null initialization vector with CBC Mode in the implementation of the 
> queryable text encryptor. A malicious user with access to the data that has 
> been encrypted using such an encryptor may be able to derive the unencrypted 
> values using a dictionary attack.
> To resolve this, we need to upgrade Spring Security to 4.2.16.





[jira] [Updated] (ATLAS-3854) Upgrade Spring Security version to 4.2.16

2020-06-22 Thread Mandar Ambawane (Jira)


 [ 
https://issues.apache.org/jira/browse/ATLAS-3854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mandar Ambawane updated ATLAS-3854:
---
Description: 
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
null initialization vector with CBC Mode in the implementation of the queryable 
text encryptor. A malicious user with access to the data that has been 
encrypted using such an encryptor may be able to derive the unencrypted values 
using a dictionary attack.


To resolve this, we need to upgrade Spring Security to 4.2.16.

  was:
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
null initialization vector with CBC Mode in the implementation of the queryable 
text encryptor. A malicious user with access to the data that has been 
encrypted using such an encryptor may be able to derive the unencrypted values 
using a dictionary attack.
To resolve this, we need to upgrade Spring Security to 4.2.16.


> Upgrade Spring Security version to 4.2.16
> -
>
> Key: ATLAS-3854
> URL: https://issues.apache.org/jira/browse/ATLAS-3854
> Project: Atlas
> Issue Type: Bug
> Reporter: Mandar Ambawane
> Assignee: Mandar Ambawane
> Priority: Major
>
> Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x 
> prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed 
> null initialization vector with CBC Mode in the implementation of the 
> queryable text encryptor. A malicious user with access to the data that has 
> been encrypted using such an encryptor may be able to derive the unencrypted 
> values using a dictionary attack.
> To resolve this, we need to upgrade Spring Security to 4.2.16.


