Issue details
Find here vulnerabilities identified by Trivy as I was testing automated vulnerability checks on the repository as well as on the Docker image. Having the vulnerabilities may be a blocker in the event changes are pushed to the repo, hence requesting if they can be addressed as soon as possible. The PR relating to this can be found here.
Remediation Strategy
High Priority
- com.fasterxml.jackson.core:jackson-databind to either 2.12.6.1 or 2.13.2.1 to fix all CRITICAL & HIGH vulnerabilities.
- org.yaml:snakeyaml to 1.32
- org.postgresql:postgresql to 42.4.1
- org.jdom:jdom2 to 2.0.6.1
- org.springframework.amqp:spring-amqp to 2.3.2

Other fixes
- commons-io:commons-io to 2.7
- io.netty:netty-handler to 4.1.77.Final
- com.amazonaws:aws-java-sdk-s3 to 1.12.261
- com.google.protobuf:protobuf-java to either 3.16.1, 3.18.2 or 3.19.2
- io.netty:netty-codec to 4.1.77.Final
- io.netty:netty-codec-http to 4.1.77.Final
- org.apache.poi:poi to 5.2.1
- org.jetbrains.kotlin:kotlin-stdlib to 1.6.0
- org.keycloak:keycloak-core to 17.0.1
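A way to verify resolved dependency versions against the targets listed above, as an added example that is not part of the issue or the project's code. It assumes each listed version is the minimum for its own major.minor release line and ignores qualifiers such as `.Final`; the function names and the sample input are hypothetical.

```python
import re

# Targets copied from the issue; several targets = one fix per release line.
FIXED = {
    "com.fasterxml.jackson.core:jackson-databind": ["2.12.6.1", "2.13.2.1"],
    "org.yaml:snakeyaml": ["1.32"],
    "org.postgresql:postgresql": ["42.4.1"],
    "org.jdom:jdom2": ["2.0.6.1"],
    "org.springframework.amqp:spring-amqp": ["2.3.2"],
    "commons-io:commons-io": ["2.7"],
    "io.netty:netty-handler": ["4.1.77.Final"],
    "com.amazonaws:aws-java-sdk-s3": ["1.12.261"],
    "com.google.protobuf:protobuf-java": ["3.16.1", "3.18.2", "3.19.2"],
    "io.netty:netty-codec": ["4.1.77.Final"],
    "io.netty:netty-codec-http": ["4.1.77.Final"],
    "org.apache.poi:poi": ["5.2.1"],
    "org.jetbrains.kotlin:kotlin-stdlib": ["1.6.0"],
    "org.keycloak:keycloak-core": ["17.0.1"],
}

def parse(version):
    """Numeric components only: '4.1.77.Final' -> (4, 1, 77)."""
    return tuple(int(p) for p in re.split(r"[.\-]", version) if p.isdigit())

def meets_target(coord, version):
    """True if version is at or above the fix for its own major.minor line,
    or on a line newer than every fixed one. None if coord is not listed."""
    if coord not in FIXED:
        return None
    v, fixes = parse(version), sorted(parse(f) for f in FIXED[coord])
    for fix in fixes:
        if v[:2] == fix[:2]:  # same release line: compare against its own fix
            return v >= fix
    return v[:2] > fixes[-1][:2]  # unfixed or older line fails, newer passes

def audit(deps):
    """deps: 'group:artifact:version' strings; returns those below target."""
    pairs = (d.rpartition(":") for d in deps)
    return [f"{c}:{v}" for c, _, v in pairs if meets_target(c, v) is False]

# Constructed sample input, not taken from the project's build files.
SAMPLE = [
    "com.fasterxml.jackson.core:jackson-databind:2.13.0",
    "com.fasterxml.jackson.core:jackson-databind:2.12.7",
    "com.google.protobuf:protobuf-java:3.17.3",
    "io.netty:netty-codec:4.1.77.Final",
]
if __name__ == "__main__":
    print("below target:", audit(SAMPLE))
```

A plain "greater than the lowest listed version" comparison would accept jackson-databind 2.13.0 and protobuf-java 3.17.3, which is why the check is done per release line.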