Upgraded libraries with vulnerabilities flagged by Software Composition Analysis. #41

Open
tym-makowski-elekta wants to merge 5 commits into johnperry:master from tym-makowski-elekta:E2EQA-13009-VeracodeLibraryUpgrades

@tym-makowski-elekta tym-makowski-elekta commented Jun 11, 2026

  • During an SCA scan on 09.06.2026 the following library versions were flagged as having at least 1 high or medium vulnerability:
    • log4j-core-2.17.2
    • commons-vfs2-2.0
    • commons-net-3.3
    • commons-compress-1.0
  • As a result the flagged libraries and their dependencies were upgraded:
    • log4j-core-2.17.2 -> log4j-core-2.26.0
    • log4j-api-2.17.2 -> log4j-api-2.26.0
    • log4j-1.2-api-2.17.2 -> log4j-1.2-api-2.26.0
    • commons-vfs2-2.0 -> commons-vfs2-2.10.0
    • commons-net-3.3 -> commons-net-3.13.0
    • commons-logging-1.2 -> commons-logging-1.3.6
    • commons-compress-1.0 -> commons-compress-1.27.1
    • jsch-0.1.53 -> jsch-0.1.55
  • util.jar was also updated to the latest version to reflect the library upgrades above.

@tym-makowski-elekta tym-makowski-elekta marked this pull request as draft June 12, 2026 09:32