Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: EAP7
Labels:
None

Blocked:
False
Ready:
False
Release Note Text:
Undefined
Git Pull Request:
https://github.com/jboss-container-images/jboss-eap-7-openshift-image/pull/412, https://github.com/jboss-openshift/cct_module/pull/395, https://github.com/wildfly/wildfly-cekit-modules/pull/228
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

A customer security scan sent to secalert@ recently found a CVE[1] in
the rh-maven35-maven package, installed in the
jboss-eap-7/eap73-openjdk8-openshift-rhel7[2] container image. CVE
detection aside, the Maven 3.5 software collection has been EOL since
October 2020[3]. The later version, Maven 3.6 is now available.

Dependencies on other unsupported Red Hat products is a moderate level
Exception, under ProdSec's support policy.

Migrate from Maven 3.5 to Maven 3.6 in all supported Middleware containers.

[1] https://access.redhat.com/security/cve/CVE-2020-13956
[2] https://catalog.redhat.com/software/containers/jboss-eap-7/eap73-openjdk8-openshift-rhel7/5df3b3fbdd19c77896ecced3
[3] https://access.redhat.com/support/policy/updates/rhscl-rhel7

is related to

CLOUD-3955 [EAP 7.4.0] Update Maven to 3.6.x

Verified

Assignee:: Daniel Kreling

Reporter:: Daniel Kreling

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2021/03/30 6:52 AM

Updated:: 2024/02/08 3:06 PM

Resolved:: 2021/04/14 5:49 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates