Security Scan library updates #4979

marcbejerano opened this issue Jun 19, 2019 · 4 comments


commented Jun 19, 2019

Not necessarily a feature request, but we are trying to deploy Rundeck at work and our security scan is going nuts with the number of CVEs that are popping up. Almost all are related to outdated libraries (BouncyCastle, Jackson, Spring, etc.)

We tried updating them ourselves but it turned into far more work than we could handle (we are a two-man team building a solution for management).



commented Jun 20, 2019

Can you post the rundeck version?



commented Jun 20, 2019

gschueler added the security label Jul 1, 2019

gschueler added this to the 3.1.0-RC2 milestone Jul 8, 2019

ahormazabal self-assigned this Jul 9, 2019

gschueler added a commit that referenced this issue Jul 17, 2019

Merge pull request #5047 from ahormazabal/vbumps/update-201907
Issues #5002, #4979, #4463, #4464, #4465, #4466 - Update several library dependencies to address reported CVEs.


commented Jul 18, 2019

PRs #5047 and #5048 address the following version updates for 3.1 and 3.0.x respectively:

| Dependency | From | To |
| --- | --- | --- |
| jackson-databind | 2.8.11 | |
| spring-security | 4.2.7 | 4.2.13 |
| logback | 1.1.11 | 1.2.3 |
| postgresql-jdbc | 42.2.2 | 42.2.6 |
| h2 | 1.4.197 | 1.4.199 |

The following dependencies are still in the works:

  • bouncycastle
  • spring framework
  • c3p0
  • moment.js


commented Jul 19, 2019

Closing this issue for the already fixed CVEs, and created a new one for the remaining ones: #5077

gschueler closed this Jul 19, 2019
