Vulnerabilities (fixed in December 2022)
Customer(s)
All customers are required to update Germain with the below patches.
Description
As part of our SOC2 compliance program, here are the security vulnerabilities that were found in December and the patches that address them. We remain available to help you with these issues. If you have not already, you can create a ticket here: https://germainux.atlassian.net/servicedesk/customer/portal/1 or email us at info@germainux.com.
| Vulnerability | Severity | Scope | Detected | Reviewed | Resolved | Affected versions | Fix implemented in | Link |
|---|---|---|---|---|---|---|---|---|
| | HIGH | xstream [1.4.19] => [1.4.20] | 10/29/2022 | 1/3/2023 | 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | |
| | CRITICAL | spring-security-oauth2-jose [5.6.5] => [5.6.10] | 1/1/2023 | 1/3/2023 | 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://nvd.nist.gov/vuln/detail/CVE-2022-31690 https://nvd.nist.gov/vuln/detail/CVE-2022-31692 |
| | HIGH | netty-transport [4.1.77] => [4.1.86.Final] | 1/1/2023 | 1/3/2023 | 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 https://nvd.nist.gov/vuln/detail/CVE-2022-41915 |
| | HIGH | jetty-io [9.4.46] => [9.4.50.v20221201] | 1/1/2023 | 1/3/2023 | 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | |
| | CRITICAL | alpine [3.16.2] => [3.17.0] | 1/1/2023 | 1/4/2023 | 1/4/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://security.snyk.io/vuln/SNYK-ALPINE316-LIBTASN1-3173578 |
| | HIGH | yauaa [7.6.0] => [7.9.0] | 12/11/2022 | 12/12/2022 | | <= 2022.4 | 2022.3.53, 2022.4.33 | |
| | HIGH | woodstox-core [6.2.7] => [6.4.0] | 12/11/2022 | 12/12/2022 | | <= 2022.4 | 2022.3.53, 2022.4.33 | |
Germain 2022.3-55
Download:
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.3-55-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.3-55-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.3-55-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.3-55-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.3-55-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.3-55-binary.zip
Docker:
public.ecr.aws/h0m9e4y5/germainapm-engines:2022.3-55
public.ecr.aws/h0m9e4y5/germainapm-server:2022.3-55
public.ecr.aws/h0m9e4y5/germainapm-services:2022.3-55
Germain 2022.4-40
Download:
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.4-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.4-40-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.4-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.4-40-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.4-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.4-40-binary.zip
Docker:
public.ecr.aws/h0m9e4y5/germainapm-engines:2022.4-40
public.ecr.aws/h0m9e4y5/germainapm-server:2022.4-40
public.ecr.aws/h0m9e4y5/germainapm-services:2022.4-40