Security fixes / dependency upgrades
Posted: Wed Jun 08, 2022 3:26 pmHi,
I am building a docker image of the latest serviio and with a 'docker scan' I found several suggestions of dependencies that need to be upgraded to fix High/Critical vulnerabilities (will post the full log if needed):
Issues to fix by upgrading:
Upgrade com.thoughtworks.xstream:xstream@1.4.11.1 to com.thoughtworks.xstream:xstream@1.4.19 to fix
Upgrade commons-io:commons-io@2.6 to commons-io:commons-io@2.7 to fix
Upgrade org.apache.logging.log4j:log4j-core@2.15.0 to org.apache.logging.log4j:log4j-core@2.17.1 to fix
The last one, log4j is a big one and a fix has been available for half a year by now, so it would be great to have these fixed.
I am building a docker image of the latest serviio and with a 'docker scan' I found several suggestions of dependencies that need to be upgraded to fix High/Critical vulnerabilities (will post the full log if needed):
Issues to fix by upgrading:
Upgrade com.thoughtworks.xstream:xstream@1.4.11.1 to com.thoughtworks.xstream:xstream@1.4.19 to fix
Upgrade commons-io:commons-io@2.6 to commons-io:commons-io@2.7 to fix
Upgrade org.apache.logging.log4j:log4j-core@2.15.0 to org.apache.logging.log4j:log4j-core@2.17.1 to fix
The last one, log4j is a big one and a fix has been available for half a year by now, so it would be great to have these fixed.