Backend Libraries Updated

Greg Logan

Sep 21, 2017, 5:16:56 PM
to security...@opencast.org
Hello,

This is the official security notice regarding a set of issues in Opencast 3 prior to Opencast 3.3.

Description:

Opencast 3 ships with a set of common Java libraries which contain known vulnerabilities.

Details:

Opencast 3.3 updates the version of commons-codec, commons-fileupload, com.springsource.org.apache.commons.beanutils, and gson to newer versions. The previous versions of these libraries contained known issues. A non-exhaustive list can be found below.

commons-fileupload:

- CVE-2013-0248
- CVE-2014-0050
- CVE-2016-3092

cxf-core:

- CVE-2017-5656
- CVE-2017-5653
- CVE-2017-3156
- CVE-2016-8739
- CVE-2016-6812

Patching the system:

Opencast 3.3 is a drop-in replacement for all prior versions of Opencast 3. Users are encouraged to update as soon as possible. Packaged versions should be available shortly.

Credits:

This issue was discovered and fixed by Lars Kiesow (University of Osnabruck).