March 13, 2024
FLEXDEPLOY-11605 - The versions of Apache Tomcat that ship with FlexDeploy are vulnerable to CVE-2024-24549 and CVE-2024-23672. CVE-2024-24549 concerns HTTP/2, which Flexagon has not recommended, so no customers should be affected. CVE-2024-23672 concerns WebSockets, which FlexDeploy does not use. Tomcat will be updated in future versions.
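
One way to confirm the HTTP/2 statement above for a given installation, as an added example that is not Flexagon's code: it parses a Tomcat server.xml and reports every Connector that has the HTTP/2 UpgradeProtocol element configured, ignoring commented-out entries that a plain text search would match. The sample XML is constructed, and the path to server.xml in a FlexDeploy install is an input you supply, since this page does not state it.

```python
import sys
import xml.etree.ElementTree as ET

# Class name Tomcat uses for the HTTP/2 upgrade protocol on a Connector.
HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Constructed sample: HTTP/1.1 only; the HTTP/2 element exists only inside a comment.
SAMPLE_HTTP11_ONLY = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <!-- <Connector port="8443"><UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/></Connector> -->
  </Service>
</Server>"""

# Constructed sample: HTTP/2 enabled on the TLS connector.
SAMPLE_HTTP2 = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
  </Service>
</Server>"""


def http2_connectors(server_xml: str) -> list:
    """Return the port attribute of each Connector with HTTP/2 configured."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    ports = []
    for conn in root.iter("Connector"):
        for upgrade in conn.findall("UpgradeProtocol"):
            if upgrade.get("className", "").strip() == HTTP2_CLASS:
                ports.append(conn.get("port", "?"))
                break
    return ports


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_http2.py /path/to/conf/server.xml
        with open(sys.argv[1], encoding="utf-8") as fh:
            found = http2_connectors(fh.read())
    else:
        found = http2_connectors(SAMPLE_HTTP2)
    if found:
        print("HTTP/2 enabled on connector port(s):", ", ".join(found))
    else:
        print("No connector has HTTP/2 configured")
```

An empty result means no Connector in that file enables HTTP/2; a non-empty result lists the ports to review against CVE-2024-24549.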
February 29, 2024
FLEXDEPLOY-11369 - The version of oauth2-oidc-sdk that ships with FlexDeploy is vulnerable to an XXE attack identified by Snyk as SNYK-JAVA-COMNIMBUSDS-1243767. This jar will be updated in 8.0.0.0.
...