Skip to content
Failed

Changes

Summary

  1. [GovWayCore] (commit: 64350f2) (details)
  2. [ProtocolloModIPA] (commit: 05f66e5) (details)
Commit 64350f25be504be36dc1e644eccbfea69afeab7a by Andrea Poli
[GovWayCore]
Sono state risolte le seguenti vulnerabilità relative ai jar di terza parte:
- CVE-2024-47554:
        aggiornata libreria 'commons-io:commons-io' alla versione 2.15.1
        aggiornata libreria 'org.apache.velocity:velocity-engine-core' alla versione 2.4
- CVE-2024-45772: aggiornate librerie 'org.apache.lucene:*' alla versione 9.12.0
(commit: 64350f2)
The file was modifiedtools/rs/config/server/ant/openspcoop2-govwayConfigApiRS-war.xml (diff)
The file was modifiedtestsuite/ant/openspcoop2-testsuite-war.xml (diff)
The file was modifiedtools/utils/src/org/openspcoop2/utils/xml/AbstractXMLDiff.java (diff)
The file was removedthird-party-licenses/lucene/lucene-misc-9.4.1/LICENSE.txt
The file was addedresources/doc/src/manuali/vulnerability-management/falsePositive/CVE-2024-9329.rst
The file was modifiedcore/src/org/openspcoop2/pdd/mdb/ConsegnaContenutiApplicativi.java (diff)
The file was modifiedcore/ant/openspcoop2-war.xml (diff)
The file was modifiedresources/doc/src/manuali/vulnerability-management/securityAdvisory/2024/index.rst (diff)
The file was modifiedcore/src/org/openspcoop2/pdd/services/service/RicezioneContenutiApplicativiService.java (diff)
The file was modifiedtools/utils/src/org/openspcoop2/utils/test/resource/TestCopyStream.java (diff)
The file was modifiedprotocolli/trasparente/testsuite/src/org/openspcoop2/protocol/trasparente/testsuite/units/utils/MTOMUtilities.java (diff)
The file was modifiedmvn/dependencies/lucene/pom.xml (diff)
The file was modifiedcore/src/org/openspcoop2/pdd/core/connettori/ConnettoreStresstest.java (diff)
The file was addedthird-party-licenses/lucene/lucene-codecs-9.12.0/LICENSE.txt
The file was modifiedcore/src/org/openspcoop2/message/utils/ServletTestService.java (diff)
The file was modifiedlib/openspcoop2.userlibraries (diff)
The file was modifiedcore/src/org/openspcoop2/pdd/core/connettori/ConnettoreNULL.java (diff)
The file was modifiedmvn/dependencies/shared/pom.xml (diff)
The file was modifiedprotocolli/spcoop/example/registroServizi/wsdl/build.xml (diff)
The file was modifiedcore/ant/openspcoop2-ear.xml (diff)
The file was modifiedtools/utils/src/org/openspcoop2/utils/csv/Parser.java (diff)
The file was addedthird-party-licenses/shared/velocity-engine-core-2.4/LICENSE
The file was modifiedtools/utils/src/org/openspcoop2/utils/mail/CommonsNetSender.java (diff)
The file was addedthird-party-licenses/lucene/lucene-core-9.12.0/LICENSE.txt
The file was modifiedprotocolli/trasparente/example/server/MTOMExample/src/org/openspcoop2/example/server/mtom/ws/MTOMServiceExample_MTOMServiceExampleSOAP11InterfaceEndpoint_Client.java (diff)
The file was modifiedmvn/dependencies/commons/pom.xml (diff)
The file was removedthird-party-licenses/commons/commons-io-2.11.0/LICENSE.txt
The file was modifiedtools/web_interfaces/monitor/ant/openspcoop2-govwayMonitor-war.xml (diff)
The file was removedthird-party-licenses/lucene/lucene-queries-9.4.1/LICENSE.txt
The file was addedthird-party-licenses/lucene/lucene-queries-9.12.0/LICENSE.txt
The file was modifiedprotocolli/trasparente/example/server/MTOMExample/src/org/openspcoop2/example/server/mtom/ws/MTOMServiceExample_MTOMServiceExampleSOAP12InterfaceEndpoint_Client.java (diff)
The file was removedthird-party-licenses/shared/velocity-engine-core-2.3/LICENSE
The file was modifiedant/commons/stub-build.xml (diff)
The file was modifiedcore/src/org/openspcoop2/pdd/services/ServicesUtils.java (diff)
The file was modifiedtools/web_interfaces/control_station/ant/openspcoop2-govwayConsole-war.xml (diff)
The file was modifiedtools/utils/src/org/openspcoop2/utils/CopyCharStream.java (diff)
The file was addedresources/doc/src/manuali/vulnerability-management/securityAdvisory/2024/CVE-2024-45772.rst
The file was modifiedmvn/dependencies/pom.xml (diff)
The file was modifiedexample/pdd/server/testService/build.xml (diff)
The file was modifiedcore/src/org/openspcoop2/pdd/services/service/RicezioneBusteService.java (diff)
The file was addedthird-party-licenses/commons/commons-io-2.15.1/LICENSE.txt
The file was modifiedprotocolli/trasparente/example/server/MTOMExample/src/org/openspcoop2/example/server/mtom/ws/MTOMServiceExampleImpl.java (diff)
The file was modifiedmvn/dependencies/owasp/falsePositives/CVE-2021-37533.xml (diff)
The file was modifiedant/commons/swagger-codegen.xml (diff)
The file was addedresources/doc/src/manuali/vulnerability-management/securityAdvisory/2024/CVE-2024-47554.rst
The file was modifiedChangeLog (diff)
The file was modifiedresources/doc/src/manuali/vulnerability-management/falsePositive/index.rst (diff)
The file was addedthird-party-licenses/lucene/lucene-misc-9.12.0/LICENSE.txt
The file was modifiedtools/rs/monitor/server/ant/openspcoop2-govwayMonitorApiRS-war.xml (diff)
The file was addedmvn/dependencies/owasp/falsePositives/CVE-2024-9329.xml
The file was addedthird-party-licenses/lucene/lucene-suggest-9.12.0/LICENSE.txt
The file was removedthird-party-licenses/lucene/lucene-suggest-9.4.1/LICENSE.txt
The file was modifiedtools/utils/src/org/openspcoop2/utils/TestCopyStream.java (diff)
The file was removedthird-party-licenses/lucene/lucene-core-9.4.1/LICENSE.txt
The file was modifiedtools/web_interfaces/loader/ant/openspcoop2-govwayLoader-war.xml (diff)
The file was removedthird-party-licenses/lucene/lucene-codecs-9.4.1/LICENSE.txt
Commit 05f66e5b819d9a1e09a970a0872cf97664e01316 by Andrea Poli
[ProtocolloModIPA]
Nella configurazione di un'API ModI con pattern INTEGRITY_REST, scegliere l'header HTTP Custom-JWT-Signature comporta che la gestione dell’integrità non venga eseguita in modo integrato, ma sia demandata all’applicazione.
Dato questo comportamento, la maschera di configurazione non era del tutto intuitiva e poteva far pensare che si stesse solo modificando il nome dell'header HTTP, mentre cambia anche la modalità di gestione dell’integrità.
È stata quindi aggiunta una nota esplicativa per chiarire meglio il funzionamento.
(commit: 05f66e5)
The file was modifiedprotocolli/modipa/src/org/openspcoop2/protocol/modipa/properties/ModIDynamicConfigurationAccordiParteComuneSicurezzaMessaggioUtilities.java (diff)
The file was modifiedprotocolli/modipa/src/org/openspcoop2/protocol/modipa/constants/ModIConsoleCostanti.java (diff)
The file was modifiedChangeLog (diff)