Open Source components have been updated, as listed below, to address known software vulnerabilities. Legal Notices will be updated to reflect these, and other changes, at the next scheduled regular release. 

Teamwork Cloud/Magic Collaboration Studio

ibrary

Old version

New version

CVEs addressed

zookeeper3.9.23.9.3CVE-2024-51504
commons-io2.11.02.18.0CVE-2024-47554
mina-core2.1.62.2.4CVE-2024-52046
elasticsearch7.17.217.17.26
jetty9.4.54.v202402089.4.57.v20241219CVE-2024-8184
CVE-2024-6763
logback-core1.5.31.5.16CVE-2024-12798
netty4.1.1104.1.116CVE-2024-47535
org.eclipse.emf.common2.30.02.40.0
org.eclipse.emf.ecore2.36.02.38.0
org.eclipse.emf.ecore.xmi2.37.02.38.0
api-all2.1.02.1.7
jackson-databind2.17.02.17.3
jackson-datatype-jsr3102.17.02.17.3

Cameo Simulation Toolkit / Magic Model Analyst

Library

Old version

New version

CVEs addressed

Jetty9.4.54.v202402089.4.56.v20240826CVE-2024-8184
jfreechart1.5.31.5.5CVE-2023-52070

BPMN

Library

Old version

New version

CVEs addressed

 jquery 1.4.3 3.7.1

CVE-2020-7656

CVE-2020-11022

CVE-2020-11023

CVE-2019-11358

CVE-2015-9251

CVE-2012-6708

CVE-2011-4969

Cameo DataHub

Library

Old version

New version

CVEs addressed

h22.2.2242.3.232CVE-2018-14335
velocity-engine-core2.32.4.1CVE-2024-47554
xstream1.4.201.4.21CVE-2024-47072

WebApps

Library

Old version

New version

CVEs addressed

logback-classic1.5.61.5.16CVE-2024-12801
CVE-2024-12798
Zookeeper3.9.23.9.3CVE-2024-8184
CVE-2024-47554
CVE-2024-34447
CVE-2024-30172
CVE-2024-30171
CVE-2024-29857
CVE-2024-12801
CVE-2024-12798
Spring5.3.365.3.39CVE-2024-38827
CVE-2024-38809
CVE-2016-1000027
Slf4j2.0.132.0.16
commons-codec1.151.17.1CVE-2020-15250
commons-logging1.3.21.3.4CVE-2024-12801
CVE-2024-12798
Jackson2.17.02.17.3
aspectjweaver1.9.21.11.9.22.1
Netty4.1.110.Final4.1.116.FinalCVE-2024-47535
Jsoup1.15.41.18.3CVE-2024-8184
CVE-2023-26049
CVE-2023-26048
Thymeleaf3.1.2.RELEASE3.1.3.RELEASE
commons-fileupload1.41.5CVE-2023-24998
CVE-2024-47554
CVE-2021-29425
CVE-2020-15250
Batik1.161.17CVE-2022-44729
CVE-2022-44729
commons-compress1.26.21.27.1
spring-security-core,
spring-security-crypto,
spring-security-web,
spring-security-config		5.8.125.8.16CVE-2024-38808

opensaml-core, 
opensaml-saml-api,
opensaml-messaging-api,
opensaml-profile-api,
opensaml-security-api,
opensaml-soap-api,
opensaml-xmlsec-api,
opensaml-saml-impl,
opensaml-security-impl,
opensaml-soap-impl,
opensaml-storage-api,
opensaml-xmlsec-impl

4.3.04.3.2CVE-2024-22262
CVE-2024-22259
CVE-2024-22243
CVE-2023-44483
metrics-core4.2.264.2.29
bcprov-jdk18on,
bcpkix-jdk18on,
bcutil-jdk18on		1.78.11.79

Modeling tools

Library

Old version

New version

CVEs addressed

velocity-engine-core2.32.4.1CVE-2024-47554
lucene-core9.2.09.12.0CVE-2024-45772
woodstox-core-asl4.1.44.4.1CVE-2022-40152
batik-all1.171.18