Follow

Engine and Engine Dispatch 20.1.48.929

Avatar

Released 2022-11-10

 

Improvements

  • [Java Only] updated Jackson libraries with fix forCVE-2022-42004
  • [Java Only] Updated Apache commons-text dependency to version 1.10.0 to avoid using a version withCVE-2022-42889. Note: Engine itself was not impacted by this CVE since the only use of commons-text was for escaping and unescaping via org.apache.commons.text.StringEscapeUtils, not for variable substitution.
  • [Java Only] Update Jackson versions, specifically to get the latest jackson-databind that is not subject toCVE-2022-42003.Note: Engine was not vulnerable due to not using UNWRAP_SINGLE_VALUE_ARRAYS
  • [Java Only] Update woodstox-core forCVE-2022-40153. Note: Engine does not appear to be vulnerable due to not validating external DTDs
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk