Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0042746 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | minor | have not tried | 2020-01-08 15:15 | 2020-01-10 09:15 | |||
| Reporter | alostale | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 3.0PR20Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | f139045c1bba | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | caristu | |||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0042746: CVE in quartz 2.3.1 | |||||||
| Description | Current quartz 2.3.1 has a known vulnerability (CVE-2019-13990 [1]). Even it is not exploitable for Openbravo as it only affects in case jobs are defined as xml files, we should get updated to the latest version. [1] https://nvd.nist.gov/vuln/detail/2019-13990 [^] | |||||||
| Steps To Reproduce | Not exploitable for Openbravo (see description). | |||||||
| Proposed Solution | Update to current latest version 2.3.2 which solves the issue [1]. [1] https://github.com/quartz-scheduler/quartz/issues/467 [^] | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||
|
|||||||||||||||
 Relationships |
|
Notes |
|
|
(0116696) alostale (viewer) 2020-01-08 15:27 |
MR: https://gitlab.com/openbravo/product/openbravo/merge_requests/31 [^] |
|
(0116753) hgbot (developer) 2020-01-10 08:59 |
Repository: erp/devel/pi Changeset: f139045c1bba18b0abd882b62a7fc62095f973f2 Author: Asier Lostalé <asier.lostale <at> openbravo.com> Date: Wed Jan 08 15:20:48 2020 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/f139045c1bba18b0abd882b62a7fc62095f973f2 [^] fixed BUG-42746: CVE in quartz 2.3.1 Updated quartz to 2.3.2 to solve reported CVE. --- M legal/Licensing.txt A lib/runtime/quartz-2.3.2.jar R lib/runtime/quartz-2.3.1.jar --- |
|
(0116755) caristu (viewer) 2020-01-10 09:15 |
https://gitlab.com/openbravo/product/openbravo/merge_requests/31 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2020-01-08 15:15 | alostale | New Issue | |
| 2020-01-08 15:15 | alostale | Assigned To | => platform |
| 2020-01-08 15:15 | alostale | OBNetwork customer | => No |
| 2020-01-08 15:15 | alostale | Modules | => Core |
| 2020-01-08 15:15 | alostale | Triggers an Emergency Pack | => No |
| 2020-01-08 15:15 | alostale | Relationship added | related to 0041483 |
| 2020-01-08 15:15 | alostale | Review Assigned To | => caristu |
| 2020-01-08 15:27 | alostale | Note Added: 0116696 | |
| 2020-01-08 15:33 | alostale | Status | new => scheduled |
| 2020-01-08 15:33 | alostale | Assigned To | platform => alostale |
| 2020-01-10 08:59 | hgbot | Checkin | |
| 2020-01-10 08:59 | hgbot | Note Added: 0116753 | |
| 2020-01-10 08:59 | hgbot | Status | scheduled => resolved |
| 2020-01-10 08:59 | hgbot | Resolution | open => fixed |
| 2020-01-10 08:59 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/f139045c1bba18b0abd882b62a7fc62095f973f2 [^] |
| 2020-01-10 09:15 | caristu | Note Added: 0116755 | |
| 2020-01-10 09:15 | caristu | Status | resolved => closed |
| 2020-01-10 09:15 | caristu | Fixed in Version | => 3.0PR20Q2 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |