On this page
TWC
Library | Old version | New version | CVEs addressed |
Logback | 1.2.11 | 1.5.3 | CVE-2023-34478 CVE-2023-6378 |
Jackson | 2.14.12 | 2.17.0 | CVE-2023-35116 |
Guava | 31.1 | 33.2.1 | CVE-2023-2976 |
Graphite metrics | 4.2.7 | 4.2.25 | CVE-2023-46120 |
Zookeper | 3.6.3 | 3.9.2 | CVE-2023-44981 |
Shiro | 1.11.0 | 1.13.0 | CVE-2023-46749 |
JSON | 20230227 | 20240303 | CVE-2023-5072 |
SnakeYaml | 1.33 | 2.2 | CVE-2022-1471 |
Netty | 4.1.87.Final | 4.1.110.Final | CVE-2023-44487 |
Jetty | 9.4.48 | 9.4.54 | CVE-2023-36478 |
ElasticSearch | 7.17.1 | 7.17.21 | CVE-2023-46674 |
| Spring Web | 5.3.27 | 5.3.36 | CVE-2024-22262 CVE-2024-22259 CVE-2024-22243 |
| Nimbus JOSE+JWT | 9.31 | 9.40 | CVE-2023-52428 CVE-2024-30172 CVE-2024-30171 CVE-2024-29857 CVE-2023-51775 CVE-2023-33202 CVE-2023-33201 CVE-2023-31582 |
| Bouncy Castle Provider | 1.70 | 1.78.1 | CVE-2024-30172 CVE-2024-30171 CVE-2024-29857 CVE-2023-33202 CVE-2023-33201 |
CST
Library | Old version | New version | CVEs addressed |
| Jetty | 9.4.48 | 9.4.54 | CVE-2023-36478 |
TBD
CCM
TBD
DataHub
| Library | Old Version | New version | CVEs addressed |
| ant-nodeps | 1.8.1 | -- removed - | CVE-2020-1945 |
| derby | 10.15.2.0 | -- needed only for tests -- | CVE-2022-46337 |
| h2 | 2.1.210 | 2.2.224 ( has CVE-2018-14335 ) | CVE-2022-45868 |
| xstream | 1.4.19 | 1.4.20 | CVE-2022-40151 |
WebApps
Library | Old version | New version | CVEs addressed |
| jython-standalone | 2.7.2 | 2.7.4a1.1-DEV | CVE-2020-8908 |
| bcprov-jdk15on | 1.70 | 1.78.1 | CVE-2024-30172 CVE-2024-30171 CVE-2024-29857 CVE-2023-33202 CVE-2023-33201 |
| Spring Security | 5.8.2 | 5.8.12 | CVE-2024-22257 CVE-2023-20862 CVE-2023-20863 CVE-2023-20861 |
| Spring Data for Apache Cassandra | 3.4.10 | 3.4.18 | CVE-2023-20863 |
| Apache Commons Codec | 1.15 | 1.17.0 | CVE-2020-15250 |
| Apache Commons Validator | 1.7 | 1.9.0 | CVE-2020-15250 |
| Spring | 5.3.33 | 5.3.36 | CVE-2024-22262 CVE-2016-1000027 |
| SLF4J | 2.0.12 | 2.0.13 | |
| commons-logging | 1.3.0 | 1.3.2 | CVE-2023-6378 CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 CVE-2021-4104 CVE-2019-17571 |
| Jackson | 2.14.3 | 2.17.0 | |
| Artemis | 2.33.0 | 2.34.0 | CVE-2024-29133 CVE-2024-29131 CVE-2024-29025 CVE-2022-46337 |
| Zookeeper | 3.7.2 | 3.9.2 | CVE-2024-30172 CVE-2024-30171 CVE-2024-29857 CVE-2023-4586 CVE-2023-33202 CVE-2023-33201 CVE-2020-26939 CVE-2020-15522 |
| Logback | 1.4.14 | 1.5.6 | |
| jsoup | 1.15.3 | 1.15.4 | CVE-2023-26049 CVE-2023-26048 |
| thymeleaf | 3.1.1.RELEASE | 3.1.2.RELEASE | |
| caffeine | 3.1.2 | 3.1.8 | CVE-2024-30172 CVE-2024-30171 CVE-2024-29857 CVE-2023-33202 CVE-2023-33201 CVE-2022-41966 CVE-2022-40151 CVE-2022-1471 |
Modeling tools
Library | Old version | New version | CVEs addressed |
| jtidy | r938 | 1.0.5 | CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 CVE-2021-4104 CVE-2019-17571 |
| batik-all | 1.16 | 1.17 | CVE-2022-44730 CVE-2022-44729 |
| bcprov-jdk15on | 1.68 | 1.78 | CVE-2024-30172 CVE-2024-30171 CVE-2024-29857 CVE-2023-33202 CVE-2023-33201 |
| jython-standalone | 2.7.3 | 2.7.4a1.1-DEV | CVE-2020-8908 |
jackson-annotations jackon-core | 2.14.2 | 2.17.0 | CVE-2023-35116 |
| slf4j-api | 1.7.25 | (using provided from twc client) | |
| org.eclipse.emf.ecore.xmi | 2.18.0 | (using provided from twc client) | |
| org.eclipse.emf.common | 2.28.0 | (using provided from twc client) | |
| metrics-core | 3.2.2 | (using provided from twc client) | |
| metrics-graphite | 3.2.2 | (using provided from twc client) | |
| com.typesafe.config | 1.3.0 | (using provided from twc client) | |
| jackson-databind | 2.14.2 | (using provided from twc client) | |
| commons-compress | 1.21 | 1.26.1 | CVE-2024-25710 CVE-2024-26308 |