| Tip |
|---|
Did you know you can subscribe to updates to security issues and release notes? Right click and copy this link and paste it into Outlook RSS Feeds or your feed reader of choice. |
January 7, 2025
FLEXDEPLOY-13800 - The FSM plugin ships with async-http-client-2.12.3.jar which is vulnerable to CVE-2024-53990. This CVE may show up in a vulnerability scan, but would not be relevant to FlexDeploy as there would never be a second user. It will be resolved in a future version.
January 2, 2025
FLEXDEPLOY-13773 - The HTTPS agent also shows the same vulnerabilities as FlexDeploy had before FLEXDEPLOY-13712. Additionally, 2 other CVEs were addressed in this ticket. Updated Tomcat to 9.0.98, commons-compress to 1.26.0, and commons-configuration2 to 2.10.1 for CVE-2024-56337, CVE-2024-50379, CVE-2024-29131, and CVE-2024-29133. Resolved in HTTPS Agent versions 8.0.0.10, 9.0.0.2.
...