Bamboo Data Center / BAM-26226

Update commons-configuration in Bamboo Data Center to satisfy scanners for CVE-2025-46392


    • Type: Suggestion
    • Resolution: Unresolved
    • Dependencies, Security

      Summary

      This suggestion is a request to upgrade the library at the classpath locations below solely to satisfy security scanners. Some security scanners might report it as vulnerable to CVE-2025-46392, but Bamboo is not vulnerable.

      Commons Configuration
      File: <remote-agent-home>/classpath/commons-configuration-1.4-atlassian-1.jar
      File: atlassian-bamboo-9.4.0/atlassian-bamboo/WEB-INF/lib/commons-configuration-1.4-atlassian-1.jar

      Solution

      Bamboo is not vulnerable to CVE-2025-46392 because it neither loads untrusted configurations nor uses the library in unexpected ways (a requirement for the CVE). The request is to upgrade Commons Configuration to version 2.x solely to satisfy security scanners.

              Unassigned
              Eduardo Collaziol