[OPT-6197] Optimize 3.8.2 Dependency Update

Type: Task
Resolution: Done
Priority: L3 - Default
Fix Version/s: 3.8.2
Affects Version/s: None
Component/s: documentation
Labels:
- SUPPORT
- documentation

Effort:
Not defined

Context:

With Optimize 3.8.2 a couple of dependencies got updated:

https://github.com/camunda/camunda-optimize/pulls?q=is%3Apr+is%3Amerged+base%3Amaintenance%2F3.8++label%3Adependencies+

Updates backend dependencies:

Updates frontend dependencies:

AT:

check each of the updates whether they fix CVEs that Optimize was affected by
update the third-party dependencies in the docs https://docs.camunda.io/docs/reference/dependencies/#optimize-dependencies-front-end

This is the controller panel for Smart Panels app

Sebastian Bathke added a comment - 13/May/22 11:33 AM

https://github.com/camunda/camunda-platform-docs/pull/905

Sebastian Bathke added a comment - 13/May/22 11:33 AM https://github.com/camunda/camunda-platform-docs/pull/905

Sebastian Bathke added a comment - 13/May/22 11:48 AM - edited

In terms of CVEs:

java-jwt from 3.19.1 to 3.19.2 contained:

[SDK-3311] Added protection against https://nvd.nist.gov/vuln/detail/CVE-2022-21449

Assessment: This CVE relates to the JDK used and is this not considered worth mentioning from the Camunda perspective. Customers should update the JDK, as our docker image ships with the JDK 11 which is according to the CVE not affected we don't need to communicate proactively about this CVE.

spring-framework 5.3.19/20 contained:

fix for https://nvd.nist.gov/vuln/detail/CVE-2022-22965

Assessment: Optimize wasn't affected by that as Spring MVC/Webflux is not used.

Sebastian Bathke added a comment - 13/May/22 11:48 AM - edited In terms of CVEs: java-jwt from 3.19.1 to 3.19.2 contained: [SDK-3311] Added protection against https://nvd.nist.gov/vuln/detail/CVE-2022-21449 Assessment: This CVE relates to the JDK used and is this not considered worth mentioning from the Camunda perspective. Customers should update the JDK, as our docker image ships with the JDK 11 which is according to the CVE not affected we don't need to communicate proactively about this CVE. spring-framework 5.3.19/20 contained: fix for https://nvd.nist.gov/vuln/detail/CVE-2022-22965 Assessment: Optimize wasn't affected by that as Spring MVC/Webflux is not used.

Assignee:: Unassigned

Reporter:: Sebastian Bathke

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 11/May/22 10:29 AM

Updated:: 01/Aug/22 5:04 PM

Resolved:: 13/May/22 1:44 PM

Camunda Optimize

Details

Description

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

Collapse comment: Sebastian Bathke added a comment - 13/May/22 11:33 AM

Expand comment: Sebastian Bathke added a comment - 13/May/22 11:33 AM

Collapse comment: Sebastian Bathke added a comment - 13/May/22 11:48 AM, Edited by Sebastian Bathke - 13/May/22 1:43 PM

Expand comment: Sebastian Bathke added a comment - 13/May/22 11:48 AM, Edited by Sebastian Bathke - 13/May/22 1:43 PM

People

Dates

Salesforce