...
FLEXDEPLOY-10814 - Updated Apache Shiro to resolve vulnerability CVE-2023-46750.
FLEXDEPLOY-10839 - Update XMLSEC to resolve vulnerability CVE-2023-44483.
FLEXDEPLOY-10895 - Updated json-smart in FlexDeploy to resolve vulnerability CVE-2023-1370.
FLEXDEPLOY-10845 - Prevent a potential authentication bypass issue on REST calls. The calls were still authorized, but some REST calls allowed non-secured data to be read without authentication in certain cases. Affects versions 6.0 < 6.0.0.10, 6.5 < 6.5.0.14, 7.0 < 7.0.0.2. This is fixed in versions 6.0.0.10, 6.5.0.14, 7.0.0.2+. Versions < 6.0 are not affected.
Path traversal vulnerability has been resolved and customers are requested to upgrade.
Resolved Issues
FLEXDEPLOY-10864 - Resolved NullPointerException if calling the search REST API without specifying any criteria.
FLEXDEPLOY-10830 - Made the package-based build operations resilient to a transient failure caused by a temporary file that could not be deleted.
Oracle CX Commerce Plugin
FLEXDEPLOY-10498 - Resolved an issue where server side extension build was not including non dev dependencies.
...