Issues

Select view

List view

Detail view

Select search mode

Basic

JQL

Upgrade dom4j to latest version
NMS-14696
Resolved issue: NMS-14696

1 of 1

Upgrade dom4j to latest version

Fixed

Description

We have a transitive dependency via Hibernate core on dom4j-1.5.1. The latter needs upgrading to mitigate against an XXE (XML External Entity) vulnerability.

Acceptance / Success Criteria

dom4j artifact updated to latest version
Smoke tests passing
Karaf features files manually checked and updated to avoid runtime breakage

Lucidchart Diagrams

Details
Assignee
Benjamin Reed
Reporter
Jeff Gehlbach
Labels
bugfixslasecurity-lowsupport
HB Grooming Date
Aug 29, 2022
HB Backlog Status
Refined Backlog
FD#
1334
Story Points
1
Components
Sprint
None
Fix versions
Meridian-2019.1.38
Meridian-2020.1.27
Meridian-2021.1.19
Meridian-2022.1.7
30.0.3
Affects versions
Meridian-2019.1.37
Meridian-2020.1.26
Meridian-2021.1.18
Meridian-2022.1.6
30.0.2
Priority
Minor
Parent
NMS-14277 Give the Horizon 30 release series the best security posture possible

PagerDuty

Created August 29, 2022 at 8:08 PM

Updated June 27, 2023 at 9:45 PM

Resolved August 30, 2022 at 3:53 PM

Activity

Show:

Gabriela LopezMarch 9, 2023 at 7:30 PM

InfoSec Risk Assessment

CVSS 7.8 x low likelihood .5 = 3.9 low

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:R/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X

Benjamin ReedAugust 30, 2022 at 3:53 PM

Merged to foundation-2019

Benjamin ReedAugust 30, 2022 at 2:27 PM

PR: https://github.com/OpenNMS/opennms/pull/5233

Issues

Upgrade dom4j to latest version

Description

Acceptance / Success Criteria

Lucidchart Diagrams

Details

Assignee

Reporter

Labels

HB Grooming Date

HB Backlog Status

FD#

Story Points

Components

Sprint

Fix versions

Affects versions

Priority

Parent

PagerDutyPagerDuty Incident

PagerDuty

Activity

Gabriela LopezMarch 9, 2023 at 7:30 PM

Benjamin ReedAugust 30, 2022 at 3:53 PM

Benjamin ReedAugust 30, 2022 at 2:27 PM

PagerDuty