ballerina-lang icon indicating copy to clipboard operation
ballerina-lang copied to clipboard

Published 20 hours ago verified publisher icon ballerina-platform

[Bug]: Fix the security vulnarabilities identified in 1.2.45

Open RDPerera opened this issue 2 years ago • 0 comments

Description

The trivy scanner identified the following security vulnerabilities for the Ballerina 1.2.45 release build.

image

CVE-2021-38153 - from kafka-clients-2.3.1.jar and kafka_2.11-2.3.1.jar is fixed by https://github.com/ballerina-platform/ballerina-lang/pull/41595 and need to release.

The following vulnerabilities need to be addressed in future patches.

  1. CVE-2023-33201 - from bcprov-jdk15on-1.69.jar
  2. CVE-2023-39017 - from quartz-2.3.2.jar

Steps to Reproduce

No response

Affected Version(s)

No response

OS, DB, other environment details and versions

No response

Related area

-> Compilation

Related issue(s) (optional)

https://github.com/wso2-enterprise/internal-support-ballerina/issues/471

Suggested label(s) (optional)

Type/Security

Suggested assignee(s) (optional)

No response

RDPerera avatar Oct 31 '23 02:10 RDPerera