  1. Cloud Enablement
  2. CLOUD-3951

EOL'd packages in EAP openshift middleware containers

    • Enhancement
    • Resolution: Done
    • Major
    • EAP7

      A customer security scan sent to secalert@ recently found a CVE[1] in
      the rh-maven35-maven package, installed in the
      jboss-eap-7/eap73-openjdk8-openshift-rhel7[2] container image. CVE
      detection aside, the Maven 3.5 software collection has been EOL since
      October 2020[3]. The later version, Maven 3.6, is now available.

      Dependencies on other unsupported Red Hat products are a moderate-level
      Exception under ProdSec's support policy.

      Migrate from Maven 3.5 to Maven 3.6 in all supported Middleware containers.

      [1] https://access.redhat.com/security/cve/CVE-2020-13956
      [2] https://catalog.redhat.com/software/containers/jboss-eap-7/eap73-openjdk8-openshift-rhel7/5df3b3fbdd19c77896ecced3
      [3] https://access.redhat.com/support/policy/updates/rhscl-rhel7

            dkreling Daniel Kreling