Upgrade dom4j to latest version

Description

We have a transitive dependency via Hibernate core on dom4j-1.5.1. The latter needs upgrading to mitigate against an XXE (XML External Entity) vulnerability.

Acceptance / Success Criteria

dom4j artifact updated to latest version
Smoke tests passing
Karaf features files manually checked and updated to avoid runtime breakage

Lucidchart Diagrams

Activity

Show:

Gabriela Lopez March 9, 2023 at 7:30 PM

InfoSec Risk Assessment

CVSS 7.8 x low likelihood .5 = 3.9 low

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:R/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X

Benjamin Reed August 30, 2022 at 3:53 PM

Merged to foundation-2019

Benjamin Reed August 30, 2022 at 2:27 PM

PR: https://github.com/OpenNMS/opennms/pull/5233

Fixed

Details
Assignee
Benjamin Reed
Reporter
Jeff Gehlbach
Labels
bugfixslasecurity-lowsupport
HB Grooming Date
Aug 29, 2022
HB Backlog Status
Refined Backlog
FD#
1334
Story Points
1
Components
Sprint
None
Fix versions
Meridian-2019.1.38
Meridian-2020.1.27
Meridian-2021.1.19
Meridian-2022.1.7
30.0.3
Affects versions
Meridian-2019.1.37
Meridian-2020.1.26
Meridian-2021.1.18
Meridian-2022.1.6
30.0.2
Priority
Minor
Parent
NMS-14277 Give the Horizon 30 release series the best security posture possible

PagerDuty

Created August 29, 2022 at 8:08 PM

Updated June 27, 2023 at 9:45 PM

Resolved August 30, 2022 at 3:53 PM

Configure

Upgrade dom4j to latest version

Description

Acceptance / Success Criteria

Lucidchart Diagrams

Activity

Gabriela Lopez March 9, 2023 at 7:30 PM

Benjamin Reed August 30, 2022 at 3:53 PM

Benjamin Reed August 30, 2022 at 2:27 PM

Details

Assignee

Reporter

Labels

HB Grooming Date

HB Backlog Status

FD#

Story Points

Components

Sprint

Fix versions

Affects versions

Priority

Parent

PagerDutyPagerDuty Incident

PagerDuty

PagerDuty