Open Source components have been updated, as listed below, to address known software vulnerabilities. Legal Notices will be updated to reflect these, and other changes, at the next scheduled regular release. 

Teamwork Cloud/Magic Collaboration Studio

Library

Old version

New version

CVEs addressed

mina-core2.2.32.2.4CVE-2024-52046
zookeeper3.9.23.9.3CVE-2024-51504
netty4.1.112.Final4.1.119.FinalCVE-2025-24970
CVE-2024-47535
logback-core1.5.31.5.18CVE-2024-12798
CVE-2024-12801
org.eclipse.emf.common2.31.02.41.0
org.eclipse.emf.ecore2.37.02.38.0
jetty9.4.56.v202408269.4.57.v20241219v
Elastic Search7.17.247.17.28
Apache Commons Lang3.14.03.17.0
Apache Curator5.6.05.8.0
Apache LDAP API2.1.62.1.7
Netty TCNative2.0.65.Final2.0.70.Final

Cameo Simulation Toolkit / Magic Model Analyst

Library

Old version

New version

CVEs addressed

jetty9.4.56.v202408269.4.57.v20241219

WebApps

Library

Old version

New version

CVEs addressed

jsoup1.18.11.18.3
thymeleaf3.1.2.RELEASE3.1.3.RELEASE
commons-codec1.17.11.17.2
junit55.10.35.10.5
spring6.1.136.1.18

CVE-2024-38820

CVE-2024-38819

spring-security6.3.36.3.8

CVE-2024-38827

CVE-2024-38821

zookeeper3.9.23.9.3
jackson2.17.22.17.3
slf4j2.0.132.0.17
asm9.79.7.1
XmlBeans5.2.15.2.2
xmlsec2.3.42.3.5CVE-2024-9823
CVE-2024-8184
CVE-2024-34447
CVE-2024-31573
CVE-2024-30172
CVE-2024-30171
CVE-2024-29857
thymeleaf3.1.2.RELEASE3.1.3.RELEASE
commons-codec1.17.11.17.2

Modeling tools

Library

Old version

New version

CVEs addressed

velocity-engine-core2.32.4.1CVE-2024-47554
commons-lang33.143.17

Cameo DataHub

Library

Old version

New version

CVEs addressed

velocity-engine-core2.32.4.1CVE-2024-47554
xstream1.4.201.4.21
commons-io2.42.18.0

Data Modeling Notations

Library

Old version

New version

CVEs addressed

velocity-engine-core2.32.4.1CVE-2024-47554

MagicReport / ReportWizard

Library

Old version

New version

CVEs addressed

velocity-engine-core2.32.4.1CVE-2024-47554
commons-lang33.143.17