Open Source components have been updated, as listed below, to address known software vulnerabilities. Legal Notices will be updated to reflect these, and other changes, at the next scheduled regular release. 

Teamwork Cloud/Magic Collaboration Studio

Library

Old version

New version

CVEs addressed

BouncyCastle provider1.561.70
Eclipse EMF common2.30.02.31.0
Eclipse EMF ecore2.36.02.37.0
Eclipse EMF xmi2.37.02.38.0
Jetty9.4.54.v202402089.4.56.v20240826
Netty4.1.107.Final4.1.112.FinalCVE-2024-29025
ElasticSearch7.17.187.17.24CVE-2024-23450

Cameo Simulation Toolkit / Magic Model Analyst

Library

Old version

New version

CVEs addressed

jfreechart1.5.31.5.5
Jetty9.4.54.v202402089.4.56.v20240826CVE-2024-6763, CVE-2024-8184

Cameo DataHub

LibraryOld VersionNew versionCVEs addressed
h22.2.2242.3.232CVE-2018-14335
velocity-engine-core2.32.4CVE-2024-47554

WebApps

Library

Old version

New version

CVEs addressed

ASM9.59.7
Angus Email2.0.22.0.3
SLF4J API2.0.122.0.16
Spring Framework6.0.186.0.23
Apache HttpComponents Core HTTP/1.15.2.45.2.5
Jacoco Maven Plugin0.8.100.8.12
AspectJ Weaver1.9.21.11.9.21.2
Jakarta Activation API2.1.22.1.3
Byte Buddy1.14.121.14.19
Apache Log4j2.23.02.23.1-
bcpkix-jdk18on, bcprov-jdk18on, bcutil-jdk18on1.771.78.1

CVE-2024-29857

CVE-2024-30171

CVE-2024-30172

CVE-2024-34447

java-support8.4.08.4.2

CVE-2024-22262

CVE-2024-22259

CVE-2024-22243

CVE-2023-6378

commons-codec1.16.11.17.1-
commons-io2.15.12.17.0-
commons-validator1.71.9.0CVE-2020-15250
micrometer-commons, micrometer-observation1.12.41.12.9-
Spring Security6.2.36.2.6

CVE-2024-38809

CVE-2024-22262

OpenSAML4.3.04.3.2

CVE-2024-22262

CVE-2024-22259

CVE-2024-22243

CVE-2023-44483

XmlBeans5.2.05.2.1-
XML APIs-1.4.01-