Third-party Dependency Upgrades for APIM 4.4.0 #3105
Comments
[STATUS UPDATE]Provided a docker image of the APIM-4.4.0-m2 pack to the security team for the JFrog Analysis report. |
|
Refer #3014 |
[STATUS UPDATE]Upgrade CXF version from 3.6.3 to 3.6.4: wso2/carbon-apimgt#12556 |
[STATUS UPDATE]Upgrade bcprov-jdk18on and bcpkix-jdk18on Bouncy Castle dependencies from 1.77.0.wso2v1 to 1.78.1.wso2v1. Also, upgrade the bc-fips version from 1.0.2.4 to 1.0.2.5. carbon-multitenancy PR: wso2/carbon-multitenancy#270 |
[STATUS UPDATE]Upgraded the Tomcat versions from 9.0.85.wso2v1 to 9.0.94.wso2v1 and tested the portals with the major REST APIs. Orbit PR: wso2/orbit#1132 |
[STATUS UPDATE]Upgraded the swagger-parser version from 2.1.18 and 2.1.20 (both versions were packed from the 4.3.0 release) to version 2.1.22. Orbit bundles: wso2/orbit#1133 |
[STATUS UPDATE]Upgraded the protobuf-java version from 3.21.12 to non-vulnerable 3.25.5. Tested basic flows and thoroughly tested the streaming APIs. carbon-business-messaging PR: wso2/carbon-business-messaging#726 |
[STATUS UPDATE]Upgraded the swagger-parser version from 2.1.20.wso2v1 to 2.1.20.wso2v2 to resolve packing vulnerable version 2.11.0 of commons.io. Orbit bundles: wso2/orbit#1140 |
[STATUS UPDATE]Upgraded the commons-text version from 1.6.0 to 1.10.0. carbon-mediation PR: wso2/carbon-mediation#1735 |
[STATUS UPDATE]Upgraded the Jettison version from 1.3.4 to 1.5.4. carbon-kernel PR: wso2/carbon-kernel#4089 |
[STATUS UPDATE]Upgraded the graphQL version from 19.6 to 19.11. Orbit PR: wso2/orbit#1143 |
Description
This issue is created to track the third-party dependency upgrades for the APIM 4.4.0 release. Each upgraded dependency will be mentioned in the comments.
Affected Component
APIM
Version
4.4.0
Related Issues
No response
Suggested Labels
No response
The text was updated successfully, but these errors were encountered: