TPS-5428 (cumulative patch)

Info	Value
Patch Name	Patch_20230317_TPS-5428_v1-8.0.1
Release Date	2023-03-17
Target Version	20211109_1610-V8.0.1
Product affected	Talend Administration Center

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend Administration Center 8.0.1.

NOTE: To download this patch, liaise with your Support contact at Talend.

Prerequisites

Consider the following requirements for your system:

Talend Administration Center 8.0.1 must be installed.

Installation

Log in to TAC and switch to Configuration-> Software Update, then enter the correct values and save. Follow the procedure described in the documentation: https://help.talend.com/r/en-US/8.0/installation-guide-big-data-linux/config-update-repo
Switch to Software update page, where the new patch will be listed. The patch can be downloaded from here into the nexus repository.
Login to local Nexus, and download the patch file.
Stop all TAC instances. Repeat the following steps for each instance.
Please backup your database (if you meet issues with new patch, you can change to old one with this backup)
Create a patch directory (eg: <Talend>/TAC_Patch).
Unzip patch file you received from support into this directory, then unzip the org.talend.administrator.war file as org.talend.administrator folder. (Note: Please rename org.talend.administrator-8.0.1.war if your old TAC application folder has a different name. Set the same name as your old TAC application name.)
Create a backup directory (eg: <Talend>/TAC_Backup).
Copy folder <Tomcat>/webapps/org.talend.administrator into the backup directory. DO NOT place org.talend.administrator backup folder into webapps directory.
In <Tomcat>/webapps/ directory, remove the previous org.talend.administrator folder, then copy the org.talend.administrator folder unzipped at step 6 and paste in the current directory.
Restore TAC configuration by replacing <Tomcat>/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties and quartz.properties with the same files that are stored in your backup directory.

Note:
- Make sure that no other instances of TAC webapp are deployed into Tomcat's webapps folder. Make sure your TAC backup folder has NOT been stored in <Tomcat>/webapps folder.
- Restore DB driver by copying driver to <Tomcat>/webapps/org.talend.administrator/WEB-INF/lib (available in backup directory <Talend>/TAC_Backup).
- If your TAC database is H2 db and embedded in TAC web folder (<Tomcat>/webapps/org.talend.administrator/WEB-INF/database by default), don't forget to restore H2 db by replacing this folder with the exact corresponding folder from your backup directory.
- H2 version in this patch is updated due to security reasons. To migrate to new version of H2, please follow the documentation: https://help.talend.com/r/en-US/8.0/migration-upgrade-guide-big-data/upgrading-the-h2-database-after-changing-h2-driver-to-21210 .
- If your TAC works with SSO, you should restore the IDP Metadata file (<Tomcat>/webapps/org.talend.administrator/WEB-INF/classes/IDPMetadata.xml) from your backup directory.
- After the step 9, log4j 1.x libraries should have been removed from the folder: <Tomcat>/webapps/org.talend.administrator/WEB-INF/lib.
Restart TAC.

Note:
- It's recommended to clear browser cache after TAC patch has been applied.
- Log4j CVE-2021-44228 & CVE-2021-45046 fixed on Patch_20211223_TPS-5053_v1: please rebuild the jobs with latest Studio patch.
- New LDAP connection timeout parameter: ldap.config.timeout. You can change it by editing the value of the ldap.config.timeout property in milliseconds in the database configuration table.
- In case of patch rollback, only the backup database can be used

TPS-5428

CVEs fixed in TPS-5428

TAC-17641 [8.0.1] CVE-2022-1471: snakeyaml:1.33
TAC-17664 [8.0.1] CVE-2022-45787: apache-mime4j-storage:0.8.3
TAC-17773 [8.0.1] CVE-2022-45688: Json:20220320
TAC-17793 [8.0.1] maven-core:3.8.6
TAC-17810 [8.0.1] CVE-2023-24998: commons-fileupload:1.4
TAC-17834 [8.0.1] CVE-2021-28170: jakarta.el:3.0.3

Other issues fixed in TPS-5428

TAC-17398 [8.0.1] Generated job not found after migration
TAC-17723 [8.0.1] Change Keycloak to Keyloak/AWS
TAC-16466 [8.0.1] custom role for execution plan access
TAC-17626 [8.0.1] TAC artifactory path validation incomplete
TAC-17572 [8.0.1] taskexecutionhistory table size and TAC start time
TAC-17698 [8.0.1] Unable to migrate TAC's DB and no visible error.
TAC-17796 [8.0.1] resumePlan/pausePlan by MetaServlet for FileTrigger does not work
TAC-17637 [8.0.1] maxDurationBeforeCleaningOldJobs and maxDurationBeforeCleaningOldExecutionsLogs in configuration table the description should be days
TAC-17855 [8.0.1] Custom value for password type context parameter will be written to database in plain text when run a plan
TAC-17821 [8.0.1] migration failed from 711 to 801 with oracle
TAC-17278 [8.0.1] Configure TAC for FIPS (Federal Information Processing Standard)
TAC-17846 [8.0.1] Execution history-> context value will show password value as empty

TPS-5426

CVEs fixed in TPS-5426

TAC-17544 [8.0.1] Update ehcache version for hibernate in TAC

Other issues fixed in TPS-5426

TPS-5434 [8.0.1] error 500 when selecting artifact in repository from job conductor (TAC-17600)
TPS-5438 [8.0.1] AWS sso created new user could not be updated from TAC UI (TAC-17645)
TAC-17668 [8.0.1] Some tasks are killed even though "scheduler.conf.resetTaskStatus.maxDurationsOnEmptyLog" set to 0
TAC-17602 [8.0.1] Task Status Mismatch Issue
TAC-17371 [8.0.1] fewer business logs compared to 7.2.1
TAC-17499 [8.0.1] TAC slowness in requesting run and deploying
TAC-17720 [8.0.1] 731 release build migrate to latest 888 build failed.
TAC-17714 [8.0.1] Task end date and task duration details are not updated in TAC if we manually kill any job
TAC-17681 [8.0.1] Error and warn messages when execution plans are executed even they ran without any issues.

TPS-5424

CVEs fixed in TPS-5424

TAC-17558 [8.0.1] Update CXF library to version 3.5.5
TAC-17489 [8.0.1] CVE: CVE-2022-40154 com.thoughtworks.xstream:xstream:1.4.19(to 1.4.20)
TAC-17596 [8.0.1] CVE-2022-45693: Vulnerable lib Jettison 1.5.1 found in TAC
TAC-17591 [8.0.1] CVE-2022-1471: Vulnerability was found in library SnakeYAML version 1.32
TAC-17594 [8.0.1] CVE-2022-40152: com.fasterxml.woodstox:woodstox-core:6.2.7

Other issues fixed in TPS-5424

TAC-16293 [8.0.1] TAC will hang up if a task with a specific job enabling Statistics on the task is running
TAC-17353 [8.0.1] Issue adding a new LDAP user in TAC
TAC-17555 [8.0.1] Add a description into TAC cumulative patch Release Note
TAC-17560 [8.0.1] "Storage period for generated Jobs" is not working.
TAC-17569 [8.0.1] Add index for some table in MSSQL, Postgre, Oracle
TAC-17608 [8.0.1] Metaservlet TAC database migration from Postgres to SQL Server is not working
TPS-5420 [8.0.1] Update CXF library to version 3.5.5 (TAC-17558)
TPS-5424 [8.0.1] Cumulative Patch - 20230119

Fixed issues

This patch is cumulative and contains the following fixes:

TAC-14830 [8.0.1] Consolidate InetUtil RunIfConfigCommand methods
TAC-15654 [8.0.1] Improve the error handle and print necessary error message
TAC-14895 [8.0.1] Irrelevant warning when edit user group
TAC-15954 [8.0.1] URL returned blank when adding administrator at the end of TAC URL
TAC-15910 [8.0.1] NPE when saving LDAP user with non-existing DN
TAC-15898 [8.0.1] TAC continues to work though set auditlog.failure.stopActivity to true
TAC-14907 [8.0.1] error accessing runtime page, via a reverse proxy (F5)
TAC-15899 [8.0.1] Error when undeploying ESB task
TAC-15951 [8.0.1] migrate libraries : not all artifacts from org.talend.libraries are migrated from old to new nexus
TAC-15967 [8.0.1] edit user group which have user assigned will throw 500 error
TAC-15992 [8.0.1] Forgot password should be executed for existing and not existing user for the same time
TAC-15897 [8.0.1] A task running by a plan with a custom context will run with default context at times
TAC-15823 [8.0.1] Default context is not changed though removed from later version
TAC-15894 [8.0.1] Task status in execution details are always in running when job server host ip is unavailable
TAC-15878 [8.0.1] metaservlet projectExist didn't work as expected
TAC-15778 [8.0.1] Add missing reset context audit log
TPS-5028 [8.0.1] DBConfig page show username and password is not correct and license can not be imported (TAC-15880)
TAC-16001 [8.0.1] Context parameters not displaying in TAC
TAC-16022 [8.0.1] RemoteDataRetriver never shutdown for execution when jobserver is unreachable
TPS-5053 [8.0.1] Log4j CVE-2021-44228/CVE-2021-45046 on TAC (TAC-16076)
TAC-15962 [8.0.1] TAC upgraded to TPS-4989 then startup too long time
TAC-16060 [8.0.1] Execution log is not immediately displayed though task has finished running
TAC-16065 [8.0.1] Upper / Lower Panels in the ERROR RECOVERY MANAGEMENT page not "synchronized"
TAC-16127 [8.0.1] Cannot see context in one of TAC in a cluster
TAC-16121 [8.0.1] TAC patch list does not manage continuation_token from nexus
TAC-16126 [8.0.1] FileNotFoundException error when deploy a task which enabled "Use Latest Version"
TAC-15776 [8.0.1] Delete task/plan print details in business log regarding task/plan deleted
TAC-15917 [8.0.1] Null Pointer exception while browsing through the tasks in Job Conductor Tab
TAC-16148 [8.0.1] ExecutionPlan Page refresh has the 500 client error
TAC-16190 [8.0.1] Faild to execute metaservlet with the error 'password for Db config is incorrect.
TPS-5079 [8.0.1] TAC Log4j CVE-2021-44832: update to Log4j 2.17.1 (TAC-16203)
TPS-5089 [8.0.1] CVE-2021-42392 - Disable Remote H2 Console Access (TAC-16214)
TAC-15513 [8.0.1] "scheduler.conf.retryRestartTaskWhenConnectionServerFailed" to be used by Tasks in Execution Plans
TAC-16300 [8.0.1] Jobconductor task hanging on "1 awaiting exec"
TAC-16282 [8.0.1] after login tac via SSO, cannot see full properties
TAC-16245 [8.0.1] Metaservlet 'removeServerProjectAuthorization' faild with 'Cannot commit transaction'
TAC-16246 [8.0.1] "String index out of range: -1" for MetaServlet-> runTask with empty context {}
TAC-16280 [8.0.1] DB Migration failure from 721, 731 to 801 regarding DeprecatedFeaturesOn801Migration
TAC-16277 [8.0.1] TAC's DB issue when deploying ESB Tasks after patch
TAC-16249 [8.0.1] Cannot update a task when task name and plan name are the same
TAC-13275 [8.0.1] Unable to import user with xml file
TPS-5129 [8.0.1] TAC v801 Migration Failed, all data has been deleted on executionplanpart table by TAC migration (TAC-16341)
TAC-16284 [8.0.1] No errors thrown on all migration Operations
TAC-16343 [8.0.1] Message need update when add one new longer license on License page
TAC-16202 [8.0.1] Too many segment logs when debug threshold is set
TPS-5135 [8.0.1] TAC task duration is at least 10 seconds greater than job duration (TAC-16198)
TAC-16413 [8.0.1] Configuration page showing endless Refresh
TAC-16400 [8.0.1] jgit hangs/sleep in FS.FileStoreAttributeCache step on Git Project Connection checking
TAC-16304 [8.0.1] Customer doesn't see his admin users
TAC-13275 [8.0.1] Unable to import user with xml file
TAC-16335 [8.0.1] Job running on Jobserver is killed unexpectedly
TAC-16198 [8.0.1] TAC task duration is at least 10 seconds greater than job duration
TAC-16460 [8.0.1] java.lang.NoSuchMethodError: org.apache.log4j.MDC.put error when upload license
TAC-15911 [8.0.1] Apply schema change automatically
TAC-16442 [8.0.1] Cannot edit TAC projects with empty credential
TAC-16474 [8.0.1] TAC latest patch v8.0.1 with log2 doen`t log events
TAC-16368 [8.0.1] Investigate "Trigger-Runner" what is he used for
TAC-16468 [8.0.1] Change in behavior for getTaskIdByName metaservlet call
TAC-16497 [8.0.1] Migration failed when upgrading Postgres DB to TAC 8.0
TAC-16333 [8.0.1] Update default value for ldap connection timeout to 30s
TAC-16420 [8.0.1] Talend2 - 02 - Database authentication testing endpoint is not authenticated
TAC-16516 [8.0.1] Use default value jobserver.useCache=true when having DB connection problem
TAC-16546 [8.0.1] Fix TAC name error in MetaServlet command help
TAC-16513 [8.0.1] TAC 731 - H2 DB to Oracle Migration not recognizing the License in the Oracle Database
TAC-16555 [8.0.1] Attribute:'svnid' not present while adding users in TAC using LDAP with SVN as storage
TAC-16147 [8.0.1] TAC role don't sync when update tac role from sso
TAC-16370 [8.0.1] "DBException: task not found exception" when tasked deleted from metaservlet ->runTask and Jobconductor UI is still refreshing on it
TAC-16494 [8.0.1] The trigger info on plan is lost
TAC-16561 [8.0.1] Trigger name left ' is lost in File trigger
TPS-5189 [8.0.1] Talend2 - 01 - XXE processing vulnerability (TAC-16390)
TAC-16598 [8.0.1] Metaservlet command failed for createSandboxProject
TAC-16610 [8.0.1] Find possibility to enable hibernate.generate_statistics in TAC hibernate
TAC-16327 [8.0.1] Migration failed on executionplanpartcontextprmsid column from mysql to postgresql executionplanpartcontextprmsid using Metaservelet-> migrateDatabase
TAC-16626 [8.0.1] Metaservlet command "listUsers" doesn`t show users ldap parameters
TAC-16309 [8.0.1] When Set business log limit by: Time, it can happen that all business log files are deleted and no new file created
TAC-16519 [8.0.1] SSO - Support for keycloak
TAC-15771 [8.0.1] Generate a Personal Access Token from TAC metaservlet
TAC-16313 [8.0.1] Skip Backup option during TAC-Migration
TAC-16536 [8.0.1] cannot deploy and run normal task deployed as zip after jobserver reboot
TAC-16683 [8.0.1] Stop & start features in ESBConductor are not working
TPS-5233 [8.0.1] CVE-2022-31648: SSOUtils.buildErrorPage doesn't escape the error message (TAC-16644)
TPS-5245 [8.0.1] TAC connection to Nexus behind proxy(TAC-16445)
TAC-16704 [8.0.1] Fix ConcurrentModificationException in RealtimeDataParser
TAC-16695 [8.0.1] missing realtime statistics from older executions
TAC-15218 [8.0.1] add checksum in software update for the download of patch
TAC-16554 [8.0.1] Add innodbstrictmode=OFF setting in DB config file
TPS-5255 [8.0.1] Transaction deadlocked with SQL Server (TAC-16738)
TAC-16801 [8.0.1] Notification isn't send for 'On user deletion' event when deleting user with metaservlet
TAC-16834 [8.0.1] Reset password: typo in error message
TAC-16743 [8.0.1] org.hibernate.HibernateException: Illegal attempt to associate a collection with two open sessions
TAC-16303 [8.0.1] TAC real time statistics do not work sometimes.
TAC-16858 [8.0.1] Not all connection results are visible in real time statistics
TAC-16856 [8.0.1] Execution Plan Name not available in Triggered by Section in Job Conductor
TAC-16703 [8.0.1] No error message when project is NPA and role is admin when login from SSO
TAC-16770 [8.0.1] Limit the number of patches on SoftwareUpdate page
TAC-16643 [8.0.1] TAC is updating completed tasks after service restart and triggering misfire notifications
TPS-5281 [8.0.1] The interaction between tds and scim takes more time than 721 in 801 (TAC-16753)
TAC-16495 [8.0.1] TAC Execution Plan stuck in Status "Killing"
TAC-16621 [8.0.1] Add in Audit logs actions on Personal Tokens for TAC
TAC-16761 [8.0.1] use Long for execution task parameter id
TAC-16897 [8.0.1] Unable to display/update context parameter using API while publishing a new version of job
TAC-16909 [8.0.1] No token set error on TAC DB config page
TAC-16958 [8.0.1] New added context in jobconductor will disappears after running artifact task
TAC-16982 [8.0.1] Plan: delete parameter in plan, but it is still referenced in context parameter
TAC-17009 [8.0.1] The EP status should be interrupted when EP is not parallel execution
TAC-17021 [8.0.1] Create task failed when artifact with context (H2 db)
TPS-5297 [8.0.1] The job always keep "running" when stop jobserver(TAC-16988)
TAC-17014 [8.0.1] Delete custom context parameter need a extra refresh to see parameter disappear
TAC-17026 [8.0.1] Metaservlet help all for revokePersonalAccessTokenOfUser need update
TAC-17035 [8.0.1] Rollback does not work when EP is killed by timeout
TAC-17057 [8.0.1] Contains the multiple repeat keys when export the config parameters
TPS-5324 [8.0.1] Metaservlet: 'Cannot flush and commit transaction' when deleting ESB task(TAC-16884)
TAC-15432 [8.0.1] add the ability to include or not the logs in attachment (or, at least, zip the attachment)
TAC-17044 [8.0.1] Facing issue in servers page of TAC when trying to edit the name in the label section.
TAC-17076 [8.0.1] Migration faild from 72 to 73/801
TAC-16790 [8.0.1] task status set to "Ended with Warning" and could not be triggered anymore
TPS-5329 [8.0.1] Convert @ when Artifact Repository user name contains this symbol(TAC-17121)
TAC-17056 [8.0.1] Integrate with authentication feature for JobServer's FileServer
TAC-15590 [8.0.1] Proxy server authentication not working
TAC-17157 [8.0.1] Authorization Resource/Role assignments not properly refreshed
TAC-17184 [8.0.1] Update context from default and custom save it will show error after deploy a new version.
TAC-17265 [8.0.1] Unable to create tasks with TPS-5329
TPS-5344 [8.0.1] "use latest version" : the latest artifact version is not always selected - continuation token (TAC-17158)
TAC-17176 [8.0.1] Master key encoded wrongly when running service in Japanese locale
TAC-17177 [8.0.1] "use latest version" is not the latest job for the job order in jfrog is not same as studio
TAC-17181 [8.0.1] migrateDatabase command Source=Oracle Target=PostgreSQL : creates empty tables in postgreSQL DB
TPS-5357 [8.0.1] job server high availability via virtual job server does not work (TAC-17249)
TAC-17295 [8.0.1] Version: 500 The call failed on the server after apply the latest TAC patch (SqlServer with jtds driver)
TPS-5358 [8.0.1] Metaservlet migratedatabase action does not work between mysql and mssql (TAC-17248)
TAC-17304 [8.0.1] Old context parameter names not removed when updating task manually in TAC or using contextParamsRefresh=false with MetaServlet
TAC-17362 [8.0.1] reset context parameter result in emply context (blank) with TPS-5343 if generatedJobs folder path is non canonical
TAC-17373 [8.0.1] Wrong unit for maxDurationBeforeCleaningOldJobs maxDurationBeforeCleaningOldExecutionsLogs, but doc showing days as unit
TAC-17389 [8.0.1] job status stuck "running" if using postgres DB, and job generating "null" in job logs
TAC-17393 [8.0.1] Duplicate entry XXX for key 'executiontaskjobprm.PRIMARY'
TAC-17443 [8.0.1] execution plan doesn't show in ui after creating with oracle database
TPS-5384 [8.0.1] CVE-2022-42889: Update lib apache.commons-text (TAC-17340)
TAC-17443 [8.0.1] execution plan doesn't show in ui after creating with oracle database
TAC-17475 [8.0.1] Task Status are not updating in TAC UI
TAC-17500 [8.0.1] Deadlock when reset task on jobserver timeout (Postgres Sql)
TPS-5393 [8.0.1] Talend jobs getting killed automatically in 7.3.1(TAC-17432)
TPS-5408 [8.0.1] Big data streaming Conductor could not list, deploy and run(TAC-17433,TAC-17474)
TAC-17525 [8.0.1] Metaservlet not able to read context from Artifact
TPS-5411 [8.0.1] Update jobserver client version for issue TPRUN-4892 and TPRUN-4898

Security fixes

This patch includes the security fixes:

TAC-15950 [8.0.1] Vulnerability in "forgot password" functionality in TAC
TAC-16115 [8.0.1] TAC - Log4j2 CVE-2021-45105 DOS attack Fix - Version (2.17.0 update)
TAC-15298 [8.0.1] Talend - 01 - OTG-INFO-005 - Review Webpage Comments and Metadata for Information Leakage
TAC-16213 [8.0.1] Update H2 dependency to 2.0.206
TAC-16344 [8.0.1] Update H2 dependency to 2.1.210
TAC-16286 [8.0.1] Migration from log4j1 to log4j2 (update to 2.17.1v)
TAC-16390 [8.0.1] CVE-2022-29943: Talend2 - 01 - XXE
TAC-16407 [8.0.1] CVE-2022-29942: Talend2 - 03 - SSRF
TAC-16486 [8.0.1] Vulnerable library Liquibase
TAC-16487 [8.0.1] Vulnerable library JDOM
TAC-16567 [8.0.1] CVE-2021-43859: Vulnerable library XStream Core 1.4.18
TAC-16568 [8.0.1] CVE-2020-36518: Vulnerable library jackson-databind 2.12.2
TAC-16644 [8.0.1] CVE-2022-31648: SSOUtils.buildErrorPage doesn't escape the error message
TAC-16668 [8.0.1] Update to Apache CXF 3.5.2 for TAC
TAC-16792 [8.0.1] Session creation is insecure
TAC-16794 [8.0.1] For cookie "dbadminsession" HttpOnly needs to be added
TAC-14807 [8.0.1] Fix possible SQL Injection issues
TAC-16833 [8.0.1] Update studio-utils to 1.0.8 version
TAC-16855 [8.0.1] CVE-2021-41303: Vulnerable library Apache Shiro update to v 1.9.0
TAC-16870 [8.0.1] CVE-295: Insecure HostnameVerifier implementation on NetIQ plugin
TAC-16977 [8.0.1] CVE-2022-32532: Update apache shiro to 1.9.1 version
TAC-16978 [8.0.1] CVE-2022-25647: Update Gson lib to version 2.9.0
TAC-16979 [8.0.1] CVE-2022-23221: Update H2 Database Engine to version 2.1.214
TAC-16980 [8.0.1] CVE-2021-26291: Update Maven Core to version 3.8.6
TAC-17017 [8.0.1] CVE-2022-33980: Update Apache Commons Configuration to version 2.8.0
TAC-16985 [8.0.1] Implement file path traversal guards
TAC-15749 [8.0.1] Make sure CRLF characters are removed from MailSender
TAC-16959 [8.0.1] Ensure output is encoded
TAC-17205 [8.0.1] CVE-2018-5382: Update Bouncy Castle Provider to version 1.69
TAC-17227 [8.0.1] Remove default credentials to nexus and artifactory
TAC-17270 [8.0.1] Fix Veracode SAST Output Log Neutralization issues
TAC-17331 [8.0.1] CVE-2022-23437: Vulnerable lib Xerces 2.12.0 found in TAC
TAC-17329 [8.0.1] CVE-2021-37136: Vulnerable lib netty-codec 4.1.54.Final found in TAC
TAC-17330 [8.0.1] CVE-2022-40150: Vulnerable lib Jettison 1.4.0 found in TAC
TAC-17332 [8.0.1] CVE-2022-40664: Vulnerable lib shiro-web found in TAC
TAC-17340 [8.0.1] CVE-2022-42889: Update lib apache.commons-text
TAC-17352 [8.0.1] CVE-2022-30973: Vulnerability found in org.apache.tika:tika version1.24.1
TAC-17354 [8.0.1] CVE-2022-42003: Vulnerable library jackson-databind was found in TAC
TAC-17424 [8.0.1] CVE-2022-25857: Vulnerability was found in library SnakeYAML version 1.26
TAC-17426 [8.0.1] CVE-2021-20293: Vulnerability was found in library RestEasy core version 4.5.10.Final
TAC-17482 [8.0.1] CVE: commons-codec:commons-codec:1.11(to 1.15)
TAC-17483 [8.0.1] CVE: CVE-2022-36033 org.jsoup:jsoup:1.14.2 (to 1.15.3)
TAC-17542 [8.0.1] CVE-2021-33813: Remove vulnerable jdom-1.1 from project
TAC-17549 [8.0.1] Vulnerability found in org.json:org.json:20120509 and org.json:json:20140107
TAC-17553 [8.0.1] Update Pax URL Aether
TAC-17541 [8.0.1] Update CXF library to version 3.5.2
TAC-17546 [8.0.1] CVE-2019-7611: Vulnerability found old in org.elasticsearch:elasticsearch 2.4.3

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here