Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0042747 | Openbravo ERP | A. Platform | public | 2020-01-08 15:15 | 2020-01-10 09:15
alostale 
alostale 
normal | minor | have not tried
closed | fixed
5
 
3.0PR20Q1 | 3.0PR20Q1
caristu
Core
No
0042747: CVE in quartz 2.3.1
Current quartz 2.3.1 has a known vulnerability (CVE-2019-13990 [1]).

Even though it is not exploitable for Openbravo, as it only has an effect when jobs are defined as XML files, we should update to the latest version.

[1] https://nvd.nist.gov/vuln/detail/2019-13990
Not exploitable for Openbravo (see description).
Update to current latest version 2.3.2 which solves the issue [1].

[1] https://github.com/quartz-scheduler/quartz/issues/467
No tags attached.
blocks defect 0042746 closed alostale CVE in quartz 2.3.1 
Issue History
2020-01-08 15:33 | alostale | Type | defect => backport
2020-01-08 15:33 | alostale | Target Version | => 3.0PR20Q1
2020-01-08 15:33 | alostale | Assigned To | platform => alostale
2020-01-10 09:02 | hgbot | Checkin
2020-01-10 09:02 | hgbot | Note Added: 0116754
2020-01-10 09:02 | hgbot | Status | scheduled => resolved
2020-01-10 09:02 | hgbot | Resolution | open => fixed
2020-01-10 09:02 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/backports/3.0PR20Q1/rev/223d941a1d73e88d9df300791d5dffb083661b79
2020-01-10 09:15 | caristu | Note Added: 0116756
2020-01-10 09:15 | caristu | Status | resolved => closed
2020-01-10 09:15 | caristu | Fixed in Version | => 3.0PR20Q1

Notes
(0116754)
hgbot   
2020-01-10 09:02   
Repository: erp/backports/3.0PR20Q1
Changeset: 223d941a1d73e88d9df300791d5dffb083661b79
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Wed Jan 08 15:20:48 2020 +0100
URL: http://code.openbravo.com/erp/backports/3.0PR20Q1/rev/223d941a1d73e88d9df300791d5dffb083661b79

fixed BUG-42747: CVE in quartz 2.3.1

  Updated quartz to 2.3.2 to solve reported CVE.

---
M legal/Licensing.txt
A lib/runtime/quartz-2.3.2.jar
R lib/runtime/quartz-2.3.1.jar
---
(0116756)
caristu   
2020-01-10 09:15   
Reviewed