...

FlexDeploy-10871 - The version of Apache Mina SSHD that FlexDeploy uses is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2023-48795. SVNKit plans to modify their dependencies in a future release, but it isn’t available yet. This is expected to be addressed in FlexDeploy Version 9.0.0.2.

FlexDeploy-10872 - The version of Trilead SSH2 that ships with the SVNKit that FlexDeploy uses is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2023-48795. SVNKit plans to modify their dependencies in a future release, but it isn’t available yet. This will be addressed in a future FlexDeploy Version.

...

FLEXDEPLOY-7748 - SVNKit reports that it is not affected by CVE-2022-45047, as it doesn’t use the Apache SSHD library to load or save private keys; key data is loaded externally. Nevertheless, SVNKit 1.10.11 will include a newer version of the Apache SSHD library (2.9.2) with that vulnerability fixed. FlexDeploy upgraded to that version of SVNKit in 8.0.0.0.

February 27, 2023

Snake YAML vulnerability CVE-2022-1471 does not affect FlexDeploy due to our constructor usage.

SVNKit ships with a version of Apache SSHD that may be affected by CVE-2022-45047. Flexagon is in communication with TMateSoft to determine if they are upgrading to a newer version, or if they consider the issue to not be concerning due to their usage. However, FlexDeploy was updated in 8.0.0.0.

FLEXDEPLOY-7681 - The version of GraphQL that ships with FlexDeploy is vulnerable to CVE-2022-37734. Resolved in 7.0.0.0.

...