...

| Dependency | Updated from version | Updated to version | Description |
| --- | --- | --- | --- |
| com.github.spotbugs:spotbugs-maven-plugin@4.1.3 | 4.1.3 | 4.5.0.0 | Maven plugin wrapper for spotbugs, used for static security analysis of source code |
| com.github.spotbugs:spotbugs | 4.1.4 | 4.5.2 | Static analysis tool used for security analysis of source code |
| com.google.guava:guava | 30.0-jre | 31.0.1-jre | |
| org.slf4j:slf4j-log4j12 | 1.7.22 | 1.7.32 | Logging framework |
| org.slf4j:slf4j-api | 1.7.22 | 1.7.32 | Logging framework |
| org.eclipse.jetty:jetty-server | 9.4.35.v20201120 | 9.4.44.v20210927 | |
| org.eclipse.jetty:jetty-servlet | 9.4.35.v20201120 | 9.4.44.v20210927 | |
| com.squareup.okhttp3:okhttp | 4.9.1 | 4.9.3 | Library used to handle HTTP requests in OIDC |
| org.jetbrains.kotlin:kotlin-stdlib | 1.4.10 | 1.6.10 | Library used to handle HTTP components in okhttp |
| org.json:json | 20180813 | 20210307 | Library used for managing JSON objects. |
| org.apache.commons:commons-lang | 2.x | org.apache.commons:commons-lang3@3.12.0 | Provided dependency with vulnerabilities, now drawn in explicitly. |
| commons-io | [2.0, 2.4] | 2.11 | Vulnerabilities patched. See more details in the table under Vulnerabilities fixed. |
| commons-codec:commons-codec | 1.10 | 1.15 | Vulnerabilities patched. See more details in the table under Vulnerabilities fixed. |
| org.bouncycastle.bcpkix | org.bouncycastle.bcpkix-jdk15on@1.59 | org.bouncycastle.bcpkix-jdk15to18@1.70 | Vulnerabilities patched. See more details in the table under Vulnerabilities fixed. |
| org.opensaml:opensaml-saml-impl | 3.4.5 | 3.4.6 | Updated to the latest version compatible with a Java 8 environment |

...

| Vulnerability | Vulnerable dependency | Fix update | Patched in 5.3.1 | Description |
| --- | --- | --- | --- | --- |
| CVE-2021-29425 | commons-io@[2.0, 2.4] | commons-io@2.11 | Patched | Updated dependency from both transitive libraries and |
| CWE-200, CVE-2020-13956 | commons-codec:commons-codec@1.10 | commons-codec:commons-codec@1.15 | Patched | Vulnerabilities were fixed in 1.13; we updated to 1.15. |
| CVE-2020-9488 | log4j 1.2.17 | N/A | | Log4j is provided by the Atlassian host system with the Atlassian-managed fork of Log4j. We perform all our logging using the Slf4j framework, leaving the log4j API version to the host system. This will have to be addressed by Atlassian. |
| CVE-2020-26939, CVE-2020-15522, CVE-2018-1000180, CVE-2018-1000613 | org.bouncycastle.bcpkix-jdk15on@1.59 | org.bouncycastle.bcpkix-jdk15to18@1.70 | Patched | Updated to the latest version of Bouncy Castle, 1.70, in our SAML library, which, while compiled with Java 16, publishes Java 8-compatible class files in the .jar. Note that older versions of Bouncy Castle also exist as a transitive, provided dependency from the Atlassian host system. |
| CVE-2020-27223, CVE-2021-28163, CVE-2021-28165, CVE-2021-28169, CVE-2021-34428 | jetty-http-9.4.35.v20201120, jetty-server-9.4.35.v20201120 | org.eclipse.jetty:jetty-server@9.4.44.v20210927 | Patched | |
| CVE-2021-28165 | jetty-io-9.4.35.v20201120 | org.eclipse.jetty@9.4.44.v20210927 | Patched | |
| CVE-2020-15824, CVE-2020-29582 | kotlin-stdlib-common@1.4.0 | org.jetbrains.kotlin:kotlin-stdlib@1.6.10 | Patched | |

...