...
FLEXDEPLOY-11605 - The versions of Apache Tomcat that ships with FlexDeploy are vulnerable to CVE-2024-24549 and CVE-2024-23672. CVE-2024-24549 is regarding HTTP/2, which Flexagon has not recommended, so no customers should be affected. CVE-2024-23672 is in regards to WebSockets, which FlexDeploy does not use. Tomcat will be updated in future versionsThis vulnerability is patched in version 8.0.0.0.
February 29, 2024
FLEXDEPLOY-11369 - The version of oauth2-oidc-sdk that ships with FlexDeploy is vulnerable to an XXE attach identified by SNYK as SNYK-JAVA-COMNIMBUSDS-1243767. This jar will be updated in 8.0.0.0.
...