Upgrade guava and ibm-cos-sdk (to get latest jackson) to fix twistlock issue findings

Open mrmadira opened this issue 2 years ago • 0 comments

Package Version Type CVE CVSS Severity Status HasFix

com.fasterxml.jackson.core_jackson-core 2.13.4 /opt/ibm/connectors/stocator/stocator-1.1.6-IBM-SDK.jar jar PRISMA-2023-0067 7.5 high fixed in 2.15.0

com.google.guava_guava 30 jar CVE-2023-2976 4 medium fixed in 32.0.0 Y

Package	Version	Type	CVE	CVSS	Severity	Status	HasFix
com.fasterxml.jackson.core_jackson-core	2.13.4	/opt/ibm/connectors/stocator/stocator-1.1.6-IBM-SDK.jar	jar	PRISMA-2023-0067	7.5	high	fixed in 2.15.0
com.google.guava_guava	30	jar	CVE-2023-2976	4	medium	fixed in 32.0.0	Y

Note this already takes care of guava, we need to test it -> https://github.com/CODAIT/stocator/pull/329
Bumping up ibm-cos-sdk will bring latest jackson

Jun 26 '23 07:06 mrmadira