-
Type:
Public Security Vulnerability
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: 4.7.0, 4.8.0
-
Component/s: None
-
9.8
-
Critical
-
CVE-2018-10006
Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries:
- update com.atlassian.applinks:* from 5.4.21 to 5.4.23
- update com.atlassian.plugins:* from 4.4.10 to 4.4.14
- update com.atlassian.sal:* from 3.1.2 to 3.1.3
- update com.atlassian.streams:* from 6.3.4 to 6.3.5
Vulnerabilities fixed in Atlassian Platform 3.5.19:
- CVE-2019-17571 (removed unnecessary log4j dependency)
- CVE-2020-5398 (updated spring-web)
- CVE-2020-13956 (updated httpclient)
- CVE-2018-1000613 (removed bouncycastle dependency)