Open Source components have been updated, as listed below, to address known software vulnerabilities. Legal Notices will be updated to reflect these, and other changes, at the next scheduled regular release.
Teamwork Cloud/Magic Collaboration Studio
ibrary | Old version | New version | CVEs addressed |
| zookeeper | 3.9.2 | 3.9.3 | CVE-2024-51504 |
| commons-io | 2.11.0 | 2.18.0 | CVE-2024-47554 |
| mina-core | 2.1.6 | 2.2.4 | CVE-2024-52046 |
| elasticsearch | 7.17.21 | 7.17.26 | |
| jetty | 9.4.54.v20240208 | 9.4.57.v20241219 | CVE-2024-8184 CVE-2024-6763 |
| logback-core | 1.5.3 | 1.5.16 | CVE-2024-12798 |
| netty | 4.1.110 | 4.1.116 | CVE-2024-47535 |
| org.eclipse.emf.common | 2.30.0 | 2.40.0 | |
| org.eclipse.emf.ecore | 2.36.0 | 2.38.0 | |
| org.eclipse.emf.ecore.xmi | 2.37.0 | 2.38.0 | |
| api-all | 2.1.0 | 2.1.7 | |
| jackson-databind | 2.17.0 | 2.17.3 | |
| jackson-datatype-jsr310 | 2.17.0 | 2.17.3 |
Cameo Simulation Toolkit / Magic Model Analyst
Library | Old version | New version | CVEs addressed |
| Jetty | 9.4.54.v20240208 | 9.4.56.v20240826 | CVE-2024-8184 |
| jfreechart | 1.5.3 | 1.5.5 | CVE-2023-52070 |
BPMN
Library | Old version | New version | CVEs addressed |
| jquery | 1.4.3 | 3.7.1 |
Cameo DataHub
Library | Old version | New version | CVEs addressed |
| h2 | 2.2.224 | 2.3.232 | CVE-2018-14335 |
| velocity-engine-core | 2.3 | 2.4.1 | CVE-2024-47554 |
| xstream | 1.4.20 | 1.4.21 | CVE-2024-47072 |
WebApps
Library | Old version | New version | CVEs addressed |
| logback-classic | 1.5.6 | 1.5.16 | CVE-2024-12801 CVE-2024-12798 |
| Zookeeper | 3.9.2 | 3.9.3 | CVE-2024-8184 CVE-2024-47554 CVE-2024-34447 CVE-2024-30172 CVE-2024-30171 CVE-2024-29857 CVE-2024-12801 CVE-2024-12798 |
| Spring | 5.3.36 | 5.3.39 | CVE-2024-38827 CVE-2024-38809 CVE-2016-1000027 |
| Slf4j | 2.0.13 | 2.0.16 | |
| commons-codec | 1.15 | 1.17.1 | CVE-2020-15250 |
| commons-logging | 1.3.2 | 1.3.4 | CVE-2024-12801 CVE-2024-12798 |
| Jackson | 2.17.0 | 2.17.3 | |
| aspectjweaver | 1.9.21.1 | 1.9.22.1 | |
| Netty | 4.1.110.Final | 4.1.116.Final | CVE-2024-47535 |
| Jsoup | 1.15.4 | 1.18.3 | CVE-2024-8184 CVE-2023-26049 CVE-2023-26048 |
| Thymeleaf | 3.1.2.RELEASE | 3.1.3.RELEASE | |
| commons-fileupload | 1.4 | 1.5 | CVE-2023-24998 CVE-2024-47554 CVE-2021-29425 CVE-2020-15250 |
| Batik | 1.16 | 1.17 | CVE-2022-44729 CVE-2022-44729 |
| commons-compress | 1.26.2 | 1.27.1 | |
| spring-security-core, spring-security-crypto, spring-security-web, spring-security-config | 5.8.12 | 5.8.16 | CVE-2024-38808 |
opensaml-core, | 4.3.0 | 4.3.2 | CVE-2024-22262 CVE-2024-22259 CVE-2024-22243 CVE-2023-44483 |
| metrics-core | 4.2.26 | 4.2.29 | |
| bcprov-jdk18on, bcpkix-jdk18on, bcutil-jdk18on | 1.78.1 | 1.79 |
Modeling tools
Library | Old version | New version | CVEs addressed |
| velocity-engine-core | 2.3 | 2.4.1 | CVE-2024-47554 |
| lucene-core | 9.2.0 | 9.12.0 | CVE-2024-45772 |
| woodstox-core-asl | 4.1.4 | 4.4.1 | CVE-2022-40152 |
| batik-all | 1.17 | 1.18 |