...
For external services used in RADAR-base, we investigated if any of the Java based components are officially reported as vulnerable.
Fix: Updated log4j dependencies to 2.16.0.
2.1 Affected services and versions
Services developed within RADAR-base
...
Name of the service | Distribution | Affected version(s) | Fixed version |
radar-rest-sources-auth-backend | Both RADAR-Docker and RADAR-Kubernetes | 3.1.1 - 3.2.1 | 3.2.2 |
radar-gateway | Both RADAR-Docker and RADAR-Kubernetes | 0.5.6 - 0.5.7 | 0.5.8* 0.5.9 |
radar-pushendpoint | Not part of standard distribution yet | 0.1.1 - 0.2.0 | 0.2.1* |
radar-output-restructure | Both RADAR-Docker and RADAR-Kubernetes | 2.0.0 | 2.0.1 |
radar-schemas | Both RADAR-Docker and RADAR-Kubernetes | 0.7.0 - 0.7.4 | 0.7.5 |
*Partial resolution, updated log4j to 2.15.0.
External services used in RADAR-base
...