Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0052255
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajorhave not tried2023-04-26 13:342023-11-21 09:13
Reporterkousalya_rView Statuspublic 
Assigned Tokousalya_r 
PrioritynormalResolutionno change requiredFixed in Version
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0052255: Request to provide valid version for jettison-1.3-patched.jar

DescriptionPlease provide us a valid version to replace the jar jettison-1.3-patched.jar that China has reported the vulnerability.
Steps To ReproduceChina has requested version 1.5.4
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
depends on design defect 0037151 acknowledgedTriage Platform Base upgrade/replace JSON library 
depends on defect 0037135 closedalostale OOM parsing corrupted JSON 
Not all the children of this issue are yet resolved or closed.

-  Notes
(0157374)
AugustoMauch (administrator)
2023-11-20 17:41

Kousalya, that upgrade of that library is very complex, see [1]. Could you share with me via chat the details of the vulnerability? To see if we are really exposed to it, and if so, if there are other ways of avoiding the vulnerability other than upgrading the library.

[1] https://issues.openbravo.com/view.php?id=51132 [^]
(0157398)
AugustoMauch (administrator)
2023-11-21 09:13

It has been confirmed that the current version does not have the vulnerability that the client was concerned about

- Issue History
Date Modified Username Field Change
2023-04-26 13:34 kousalya_r New Issue
2023-04-26 13:34 kousalya_r Assigned To => Triage Platform Base
2023-04-26 13:34 kousalya_r Modules => Core
2023-04-26 13:34 kousalya_r Triggers an Emergency Pack => No
2023-04-26 13:35 kousalya_r Summary jettison-1.3-patched.jar => Request to provide valid version for jettison-1.3-patched.jar
2023-04-26 13:37 kousalya_r Description Updated View Revisions
2023-04-26 13:38 kousalya_r Relationship added depends on 0037151
2023-04-26 13:39 kousalya_r Relationship added depends on 0037135
2023-04-26 13:41 kousalya_r Steps to Reproduce Updated View Revisions
2023-05-15 11:08 AugustoMauch Assigned To Triage Platform Base => kousalya_r
2023-05-15 11:08 AugustoMauch Status new => feedback
2023-11-20 17:41 AugustoMauch Note Added: 0157374
2023-11-21 09:13 AugustoMauch Note Added: 0157398
2023-11-21 09:13 AugustoMauch Status feedback => closed
2023-11-21 09:13 AugustoMauch Resolution open => no change required


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker