...
FLEXDEPLOY-12828 -Internal testing found that XXE injection was possible in the FlexDeploy application as well as the HPTest, Junit, Oats, ApexSec, ODB, Soapui, and TestNG plugins. The FlexDeploy application was patched in versions 6.5for version 9.0.20, 7.0.0. 11, and 8.0.0.6. The plugins were patched in version 8.0.0.6 and 9.0.0.0.
August 23, 2024
FLEXDEPLOY-12739 - The version of Jackson Databind in the Automation Anywhere, JUnit, Oracle Apex Sec, and Tricentis Tosca plugins is vulnerable to CVE-2022-42004 and
CVE-2022-42003. Version 8.0.0.5 updates this version resolving these vulnerabilities.
...