Details
-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
4.7.0, 4.8.0
-
None
-
9.8
-
Critical
-
CVE-2018-10006
Description
Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries:
- update com.atlassian.applinks:* from 5.4.21 to 5.4.23
- update com.atlassian.plugins:* from 4.4.10 to 4.4.14
- update com.atlassian.sal:* from 3.1.2 to 3.1.3
- update com.atlassian.streams:* from 6.3.4 to 6.3.5
Vulnerabilities fixed in Atlassian Platform 3.5.19:
- CVE-2019-17571 (removed unnecessary log4j dependency)
- CVE-2020-5398 (updated spring-web)
- CVE-2020-13956 (updated httpclient)
- CVE-2018-1000613 (removed bouncycastle dependency)