honeymoose/hapi-fhir
1
0
Fork 0
mirror of https://github.com/hapifhir/hapi-fhir.git synced 2025-02-28 00:59:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2455 from hapifhir/2454-address-cve-2020-27223

Browse Source 
Address CVE-2020-27223
This commit is contained in:
Diederik Muylwyk 2021-03-06 17:45:27 -05:00 committed by GitHub
commit eb3c155598
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_4_0/2454-address-cve-2020-27223.yaml Normal file
View File

@ -0,0 +1,9 @@
---
type: security
issue: 2454
title: "Addressed the following CVE report by bumping the minor version for Jetty in the root POM:
<ul>
<li>
[CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
</li>
</ul>"

2
pom.xml
View File

@ -782,7 +782,7 @@
<jena_version>3.16.0</jena_version>
<jersey_version>3.0.0</jersey_version>
<!-- 9.4.17 seems to have issues -->
<jetty_version>9.4.35.v20201120</jetty_version>
<jetty_version>9.4.38.v20210224</jetty_version>
<jsr305_version>3.0.2</jsr305_version>
<junit_version>5.7.0</junit_version>
<flyway_version>6.5.4</flyway_version>