• Type: Task
• Resolution: Fixed
• Priority: L3 - Default
• Fix Version/s: 7.11.0, 7.11.0-alpha4
• Affects Version/s: None
• Component/s: engine
• Labels:

  None

This is the controller panel for Smart Panels app

[CAM-9588] Update RESTeasy to ≥ 3.0.22

Tassilo Weidner created issue - 12/Dec/18 4:41 PM

Tassilo Weidner made changes - 12/Dec/18 4:44 PM

Description

Original: * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * The {{}} which has a vulnerability in the deserialisation of YAML. This could lead under certain conditions to arbitrary code execution. *AT* Bump RESTeasy to version {{3.0.22}} Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 *

New: * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 *

Tassilo Weidner made changes - 12/Dec/18 4:44 PM

Description

Original: * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 *

New: * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

Tassilo Weidner made changes - 12/Dec/18 4:44 PM

Description

Original: * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

New: * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

Tassilo Weidner made changes - 12/Dec/18 4:45 PM

Description

Original: * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

New: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

Tassilo Weidner made changes - 12/Dec/18 4:45 PM

Description

Original: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * This security vulnerability is not included in the core component of RESTeasy but is part of the extension {{resteasy-yaml-provider}} * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

New: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * the extension {{resteasy-yaml-provider}} contains a security vulnerability but is *not* included in the core component of RESTeasy * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

Tassilo Weidner made changes - 12/Dec/18 4:46 PM

Description

Original: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * the extension {{resteasy-yaml-provider}} contains a security vulnerability but is *not* included in the core component of RESTeasy * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to version {{3.0.22}} or higher. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

New: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * the extension {{resteasy-yaml-provider}} contains a security vulnerability but is *not* included in the core component of RESTeasy * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to a version {{3.0.22}} or later. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

Tassilo Weidner made changes - 12/Dec/18 4:46 PM

Description

Original: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * the extension {{resteasy-yaml-provider}} contains a security vulnerability but is *not* included in the core component of RESTeasy * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to a version {{3.0.22}} or later. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

New: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * The extension {{resteasy-yaml-provider}} contains a security vulnerability but is *not* included in the core component of RESTeasy * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to a version {{3.0.22}} or later. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

Tassilo Weidner made changes - 13/Dec/18 11:58 AM

Description

Original: *Problem* * On Tomcat, Wildfly & jBoss AS / EAP the {{engine-rest}} artefact uses RESTeasy {{3.0.12}} * The extension {{resteasy-yaml-provider}} contains a security vulnerability but is *not* included in the core component of RESTeasy * The optional artefact {{resteasy-yaml-provider}} is not used by Camunda BPM *AT* Bump RESTeasy to a version {{3.0.22}} or later. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

New: Update RESTeasy. *AT* Bump RESTeasy to a version {{3.0.22}} or later. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

Tassilo Weidner made changes - 13/Dec/18 11:58 AM

Description

Original: Update RESTeasy. *AT* Bump RESTeasy to a version {{3.0.22}} or later. Further reading: * https://access.redhat.com/security/cve/cve-2016-9606 * https://bugzilla.redhat.com/show_bug.cgi?id=1400644 * https://access.redhat.com/errata/RHSA-2017:1254 * https://docs.jboss.org/resteasy/docs/3.0.12.Final/userguide/html_single/#Built_in_YAML_Provider

New: Update RESTeasy. *AT* Bump RESTeasy to a version {{3.0.22}} or later.

Load more newer events