Release Notes

v5.25.16 on the GitHub

Fixes Vulnerabilities

Java libraries:

  • CVE-2022-40152 (Woodstock)
  • CVE-2018-10237 (Guava)
  • CVE-2020-8908 (Guava)
  • CVE-2023-2976 (Guava)
  • CVE-2023-3635 (Okio)
  • CVE-2022-40151 (XStream)
  • CVE-2022-41966 (XStream)
  • CVE-2022-46363 (CXF)
  • CVE-2022-46364 (CXF)
  • CVE-2023-28708 (Tomcat)
  • CVE-2023-46589 (Tomcat)
  • CVE-2023-31418 (Elasticsearch)
  • CVE-2023-20861 (Spring Framework)
  • CVE-2023-20863 (Spring Framework)
  • CVE-2023-34034 (Spring Security)
  • CVE-2023-20862 (Spring Security)
  • CVE-2023-34453 (Snappy java)
  • CVE-2023-34454 (Snappy java)
  • CVE-2023-34455 (Snappy java)
  • CVE-2023-43642 (Snappy java)
  • CVE-2022-1471 (SnakeYAML)

Base image (ubuntu):

  • CVE-2021-39537 (ncurses)
  • CVE-2022-28321 (libpam)
  • CVE-2022-29458 (ncurses)
  • CVE-2022-3821 (systemd)
  • CVE-2022-40674 (libexpat1)
  • CVE-2022-43680 (libexpat1)
  • CVE-2022-4415 (systemd)
  • CVE-2022-48303 (tar)
  • CVE-2023-0361 (libgnutls30)
  • CVE-2023-29491 (ncurses)
  • CVE-2023-31484 (perl-base)
  • CVE-2023-39804 (tar)
  • CVE-2023-4016 (procps)
  • CVE-2023-47038 (perl-base)
  • CVE-2023-4806 (libc6)
  • CVE-2023-5981 (libgnutls30)

Updated Libraries

  • Apache CXF 3.5.7
  • Spring Framework 5.3.31
  • Spring Security 5.8.9
  • Bouncy Castle Provider 1.77
  • Guava 32.0.0-jre
  • Xstream 1.4.20
  • snappy-java 1.1.10.4
  • okhttp 4.12.0
  • Tomcat 9.0.84
  • Slf4j 2.0.11
  • Log4j 2.22.1
  • Swagger UI 5.10.3
  • Swagger Parser 2.1.19
  • Swagger Core 2.2.19
  • Jackson 2.16.1
  • SnakeYAML 2.2
  • Elasticsearch 7.17.16
  • Elasticsearch Cluster Runner 7.10.2.0

© Copyright OpenL Tablets, 2004-2024