Release Notes
v5.25.16 on GitHub
Fixes Vulnerabilities
Java libraries:
- CVE-2022-40152 (Woodstox)
- CVE-2018-10237 (Guava)
- CVE-2020-8908 (Guava)
- CVE-2023-2976 (Guava)
- CVE-2023-3635 (Okio)
- CVE-2022-40151 (XStream)
- CVE-2022-41966 (XStream)
- CVE-2022-46363 (CXF)
- CVE-2022-46364 (CXF)
- CVE-2023-28708 (Tomcat)
- CVE-2023-46589 (Tomcat)
- CVE-2023-31418 (Elasticsearch)
- CVE-2023-20861 (Spring Framework)
- CVE-2023-20863 (Spring Framework)
- CVE-2023-34034 (Spring Security)
- CVE-2023-20862 (Spring Security)
- CVE-2023-34453 (snappy-java)
- CVE-2023-34454 (snappy-java)
- CVE-2023-34455 (snappy-java)
- CVE-2023-43642 (snappy-java)
- CVE-2022-1471 (SnakeYAML)
Base image (ubuntu):
- CVE-2021-39537 (ncurses)
- CVE-2022-28321 (libpam)
- CVE-2022-29458 (ncurses)
- CVE-2022-3821 (systemd)
- CVE-2022-40674 (libexpat1)
- CVE-2022-43680 (libexpat1)
- CVE-2022-4415 (systemd)
- CVE-2022-48303 (tar)
- CVE-2023-0361 (libgnutls30)
- CVE-2023-29491 (ncurses)
- CVE-2023-31484 (perl-base)
- CVE-2023-39804 (tar)
- CVE-2023-4016 (procps)
- CVE-2023-47038 (perl-base)
- CVE-2023-4806 (libc6)
- CVE-2023-5981 (libgnutls30)
Updated Libraries
- Apache CXF 3.5.7
- Spring Framework 5.3.31
- Spring Security 5.8.9
- Bouncy Castle Provider 1.77
- Guava 32.0.0-jre
- XStream 1.4.20
- snappy-java 1.1.10.4
- okhttp 4.12.0
- Tomcat 9.0.84
- Slf4j 2.0.11
- Log4j 2.22.1
- Swagger UI 5.10.3
- Swagger Parser 2.1.19
- Swagger Core 2.2.19
- Jackson 2.16.1
- SnakeYAML 2.2
- Elasticsearch 7.17.16
- Elasticsearch Cluster Runner 7.10.2.0