Description:
The existing package uses Quartz 2.3.2, but there is a vulnerability in this version of Quartz. The problem comes from the method org.quartz.jobs.ee.jms.SendQueueMessageJob.execute(JobExecutionContext), which is designed to send JMS messages. According to the Quartz release thread [1], this vulnerability only has an effect if we expose a connection factory that must be configured by the user. Otherwise, there is no way to be affected by the problem. Since the task module does not use this functionality, there is no problem with the task package.
Quartz has fixed this issue but they haven't released any stable version. We should upgrade the package when Quartz releases a new stable version.
[1] quartz-scheduler/quartz#943