Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Known Vulnerabilities in Use Library #1607

Closed
hehnle opened this issue Nov 25, 2019 · 2 comments
Closed

Known Vulnerabilities in Use Library #1607

hehnle opened this issue Nov 25, 2019 · 2 comments
Milestone
M33

Comments

@hehnle
Copy link

hehnle commented Nov 25, 2019

The Camunda Modeler for Linux Version 3.3.5 and 3.4.1 (only these two were tested) contain the OpenSSL Library Version 1.1.0, which contains itself known vulnerabilities that have been fixed in mor recent versions.

CVE-2019-1563
CVE-2019-1547
CVE-2019-1552
CVE-2019-1543
CVE-2018-5407
CVE-2018-0734
CVE-2018-0735
CVE-2018-0732
CVE-2018-0737

The outdated library should be replaced with a more recent one in order to not be longer exposed to these vulnerabilities.
@nikku
Copy link
Member

nikku commented Nov 27, 2019
edited

Will be fixed via #1448

@nikku nikku added the backlog Queued in backlog label Nov 27, 2019
@nikku nikku added this to the M33 milestone Jan 22, 2020
@nikku
Copy link
Member

nikku commented Jan 22, 2020

The upcoming v3.6 release uses Electron@7 under the hood. That should fix the issue.

@nikku nikku closed this as completed Jan 22, 2020
@bpmn-io-tasks bpmn-io-tasks bot removed the backlog Queued in backlog label Jan 22, 2020
@nikku nikku mentioned this issue Jan 22, 2020
Closed
24 tasks
@pinussilvestrus pinussilvestrus mentioned this issue Jan 23, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
M33
Development

No branches or pull requests
2 participants
@nikku @hehnle