Component changes and addressed vulnerabilities
WebApps
Library | Old version | New version | CVEs addressed |
| Spring | 6.2.14 | 6.2.15 |
|
| Apache Log4j 2 | 2.25.2 | 2.25.3 |
|
| Nimbus | 10.3 | 10.7 |
|
| BouncyCastle | 1.81 | 1.83 |
|
| Lucene | 10.2.2 | 10.3.2 |
|
| ZooKeeper | 3.9.3 | 3.9.4 |
|
| commons-lang3 | 3.17.0 | 3.20.0 |
|
| asm | 9.8 | 9.9.1 |
|
| caffeine | 3.2.1 | 3.2.3 |
|
| angus.mail | 2.0.3 | 2.0.5 |
|
| angus.activation | 2.0.2 | 2.0.3 |
|
| artemis | 2.41.0 | 2.44.0 |
|
| aspectjweaver | 1.9.24 | 1.9.25.1 |
|
| httpcomponents-core5 | 5.3.4 | 5.3.5 |
|
| httpcomponents-client5 | 5.5 | 5.6 |
|
| commons-configuration2 | 2.12.0 | 2.13.0 |
|
| prince-java-wrapper | 1.3.0 | 1.5.0 |
|
| batik | 1.18 | 1.19 |
|
| jsoup | 1.21.2 | 1.22.1 |
|
| commons-fileupload | 1.5 | 1.6.0 | CVE-2025-48976 |
| commons-io | 2.20.0 | 2.21.0 |
|
| commons-codec | 1.19.0 | 1.20.0 |
|
| commons-validator | 1.10.0 | 1.10.1 |
|
| Apache POI | 5.4.1 | 5.5.1 |
|
Magic Software Architect / MagicDraw
Library | Old version | New version | CVEs addressed |
| log4j-*.jar | 2.23.1 | 2.25.3 | CVE-2025-68161 |