Open Source components have been updated, as listed below, to address known software vulnerabilities. Legal Notices will be updated to reflect these, and other changes, at the next scheduled regular release.

Teamwork Cloud/Magic Collaboration Studio

Library	Old version	New version	CVEs addressed
mina-core	2.2.3	2.2.4	CVE-2024-52046
zookeeper	3.9.2	3.9.3	CVE-2024-51504
netty	4.1.112.Final	4.1.119.Final	CVE-2025-24970 CVE-2024-47535
logback-core	1.5.3	1.5.18	CVE-2024-12798 CVE-2024-12801
org.eclipse.emf.common	2.31.0	2.41.0
org.eclipse.emf.ecore	2.37.0	2.38.0
jetty	9.4.56.v20240826	9.4.57.v20241219v
Elastic Search	7.17.24	7.17.28
Apache Commons Lang	3.14.0	3.17.0
Apache Curator	5.6.0	5.8.0
Apache LDAP API	2.1.6	2.1.7
Netty TCNative	2.0.65.Final	2.0.70.Final

Cameo Simulation Toolkit / Magic Model Analyst

Library	Old version	New version	CVEs addressed
jetty	9.4.56.v20240826	9.4.57.v20241219

WebApps

Library	Old version	New version	CVEs addressed
jsoup	1.18.1	1.18.3
thymeleaf	3.1.2.RELEASE	3.1.3.RELEASE
commons-codec	1.17.1	1.17.2
junit5	5.10.3	5.10.5
spring	6.1.13	6.1.18	CVE-2024-38820 CVE-2024-38819
spring-security	6.3.3	6.3.8	CVE-2024-38827 CVE-2024-38821
zookeeper	3.9.2	3.9.3
jackson	2.17.2	2.17.3
slf4j	2.0.13	2.0.17
asm	9.7	9.7.1
XmlBeans	5.2.1	5.2.2
xmlsec	2.3.4	2.3.5	CVE-2024-9823 CVE-2024-8184 CVE-2024-34447 CVE-2024-31573 CVE-2024-30172 CVE-2024-30171 CVE-2024-29857
thymeleaf	3.1.2.RELEASE	3.1.3.RELEASE
commons-codec	1.17.1	1.17.2

Modeling tools

Library	Old version	New version	CVEs addressed
velocity-engine-core	2.3	2.4.1	CVE-2024-47554
commons-lang3	3.14	3.17

Cameo DataHub

Library	Old version	New version	CVEs addressed
velocity-engine-core	2.3	2.4.1	CVE-2024-47554
xstream	1.4.20	1.4.21
commons-io	2.4	2.18.0

Data Modeling Notations

Library	Old version	New version	CVEs addressed
velocity-engine-core	2.3	2.4.1	CVE-2024-47554

MagicReport / ReportWizard

Library	Old version	New version	CVEs addressed
velocity-engine-core	2.3	2.4.1	CVE-2024-47554
commons-lang3	3.14	3.17