Release Notes
v5.25.17 on GitHub
Fixed vulnerabilities:
Java libraries:
- CVE-2024-25710 (commons-compress)
- CVE-2024-26308 (commons-compress)
- CVE-2024-28752 (CXF)
- CVE-2024-24549 (Tomcat)
- CVE-2024-23672 (Tomcat)
- CVE-2014-3603 (opensaml)
- CVE-2015-1796 (opensaml)
- CVE-2023-4759 (jgit)
- CVE-2024-22257 (Spring Security)
- CVE-2024-22243 (Spring Web)
- CVE-2024-22259 (Spring Web)
- CVE-2024-22262 (Spring Web)
- CVE-2024-21634 (Amazon ion)
Base image (ubuntu):
- CVE-2024-28085 (util-linux)
- CVE-2024-22365 (libpam)
- CVE-2023-4641 (login)
- CVE-2024-0553 (libgnutls30)
Updated Libraries
- Apache CXF 3.5.8
- Spring Framework 5.3.34
- Spring Security 5.8.2
- Bouncy Castle Provider 1.78.1
- Kafka 2.8.2
- Guava 33.1.0-jre
- snappy-java 1.1.10.5
- Cassandra driver 4.17.0
- Tomcat 9.0.88
- Jetty 9.4.54.v20240208
- Slf4j 2.0.13
- Log4j 2.23.1
- Jackson 2.16.2
- Elasticsearch 7.17.20
- Hive JDBC 3.1.3
- Groovy 3.0.21
- Avro 1.11.3
- Zookeeper 3.9.2
- thrift 0.20.0
- ant 1.10.14
- Netty 4.1.109.Final
- Commons lang3 3.14.0
- Commons codec 1.16.1
- Commons IO 2.16.1
- Commons compress 1.26.1
- OpenSAML 2.6.5
- Swagger 1.6.14
- Joda Time 2.12.7
- IStack runtime 3.0.12
- Hessian 4.0.66
- Amazon S3 1.12.705
- JGit 5.13.3.202401111512-r
- gson 2.10.1
- httpclient 4.5.14