This repository was archived by the owner on Jan 21, 2024. It is now read-only.

Releases: mulesoft-consulting/json-logger

Mule 4.3x Release v2.1.0

17 Nov 18:45
c99116b

Release V2.1.0

Minimum Mule version: 4.3

JSON Logger 2.0.1 Vulnerabilities Fixed in this Release

Critical Severity

  • ✗ XML External Entity (XXE) Injection [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLWOODSTOX-2928754] in com.fasterxml.woodstox:woodstox-core@5.0.2
    introduced by org.mule.services:mule-service-weave:mule-service@2.1.2 > org.mule.weave:runtime@2.1.2 > org.mule.weave:core-modules@2.1.2 > com.fasterxml.woodstox:woodstox-core@5.0.2
    This issue was fixed in versions: 5.3.0
  • ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMULERUNTIME-1089453] in org.mule.runtime:mule-core@4.1.1
    introduced by org.mule.runtime:mule-core@4.1.1
    This issue was fixed in versions: 4.3.0
  • ✗ XML External Entity (XXE) Injection [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMULERUNTIME-1089455] in org.mule.runtime:mule-core@4.1.1
    introduced by org.mule.runtime:mule-core@4.1.1
    This issue was fixed in versions: 4.3.0
  • ✗ Remote Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751] in org.springframework:spring-beans@5.1.6.RELEASE
    introduced by org.mule.connectors:mule-jms-connector:mule-plugin@1.6.3 > org.mule.connectors:mule-jms-client@1.6.2 > org.springframework:spring-jms@5.1.6.RELEASE > org.springframework:spring-beans@5.1.6.RELEASE
    This issue was fixed in versions: 5.2.20, 5.3.18

High Severity

  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.18
    introduced by org.mule.runtime:mule-core@4.1.1 > org.yaml:snakeyaml@1.18
    This issue was fixed in versions: 1.31
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.3
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.3
  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.10.3
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.3
  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499] in net.minidev:json-smart@2.3
    introduced by com.jayway.jsonpath:json-path@2.4.0 > net.minidev:json-smart@2.3
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-DOM4J-174153] in dom4j:dom4j@1.6.1
    introduced by org.mule.runtime:mule-module-extensions-spring-support@4.1.1 > dom4j:dom4j@1.6.1
    No upgrade or patch available
  • ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369] in org.json:json@20160810
    introduced by org.mule.runtime:mule-metadata-model-json@1.1.1 > org.everit.json:org.everit.json.schema@1.5.0 > org.json:json@20160810
    This issue was fixed in versions: 20180130
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-DOM4J-2812975] in dom4j:dom4j@1.6.1
    introduced by org.mule.runtime:mule-module-extensions-spring-support@4.1.1 > dom4j:dom4j@1.6.1
    No upgrade or patch available
  • ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLBEANS-1060048] in org.apache.xmlbeans:xmlbeans@2.6.0
    introduced by org.mule.runtime:mule-metadata-model-xml@1.1.1 > org.apache.xmlbeans:xmlbeans@2.6.0
    This issue was fixed in versions: 3.0.0

Medium Severity

  • ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.10.3
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.3
  • ✗ Denial of Service (DoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.10.3
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.3
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.10.3
    introduced by com.fasterxml.jackson.core:jackson-databind@2.10.3
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1298655] in net.minidev:json-smart@2.3
    introduced by com.jayway.jsonpath:json-path@2.4.0 > net.minidev:json-smart@2.3
  • ✗ Deserialization of Untrusted Data [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327] in com.google.code.gson:gson@2.8.5
    introduced by com.mulesoft.muleesb.modules:anypoint-mq-rest-client@3.1.0 > com.google.code.gson:gson@2.8.5
    This issue was fixed in versions: 2.8.9
  • ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109] in commons-io:commons-io@2.6
    introduced by org.mule.connectors:mule-jms-connector:mule-plugin@1.6.3 > commons-io:commons-io@2.6
    This issue was fixed in versions: 2.7
  • ✗ Server-side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGMULERUNTIME-1089457] in org.mule.runtime:mule-core@4.1.1
    introduced by org.mule.runtime:mule-core@4.1.1
    This issue was fixed in versions: 4.3.0
  • ✗ Improper Output Neutralization for Logs [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097] in org.springframework:spring-core@5.0.4.RELEASE
    introduced by com.mulesoft.muleesb.modules:anypoint-mq-rest-client@3.1.0 > org.springframework:spring-core@5.0.4.RELEASE
    This issue was fixed in versions: 5.3.12, 5.2.18
  • ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878] in org.springframework:spring-core@5.0.4.RELEASE
    introduced by com.mulesoft.muleesb.modules:anypoint-mq-rest-client@3.1.0 > org.springframework:spring-core@5.0.4.RELEASE
    This issue was fixed in versions: 5.2.19.RELEASE, 5.3.14
  • ✗ Multipart Content Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-460644] in org.springframework:spring-core@5.0.4.RELEASE
    introduced by com.mulesoft.muleesb.modules:anypoint-mq-rest-client@3.1.0 > org.springframework:spring-core@5.0.4.RELEASE
    This issue was fixed in versions: 4.3.14.RELEASE, 5.0.5.RELEASE
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828] in org.springframework:spring-expression@4.1.9.RELEASE
    introduced by org.mule.runtime:mule-module-extensions-spring-support@4.1.1 > org.mule.runtime:mule-module-spring-config@4.1.1 > org.springframework:spring-context@4.1.9.RELEASE > org.springframework:spring-expression@4.1.9.RELEASE
    This issue was fixed in versions: 5.2.20.RELEASE, 5.3.17
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313] in org.springframework:spring-beans@5.1.6.RELEASE
    introduced by org.mule.connectors:mule-jms-connector:mule-plugin@1.6.3 > org.mule.connectors:mule-jms-client@1.6.2 > org.springframework:spring-jms@5.1.6.RELEASE > org.springframework:spring-beans@5.1.6.RELEASE
    This issue was fixed in versions: 5.2.22.RELEASE, 5.3.20
  • ✗ Improper Handling of Case Sensitivity [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634] in org.springframework:spring-context@4.1.9.RELEASE
    introduced by org.mule.runtime:mule-module-extensions-spring-support@4.1.1 > org.mule.runtime:mule-module-spring-config@4.1.1 > org.springframework:spring-context@4.1.9.RELEASE
    This issue was fixed in versions: 5.2.21, 5.3.19
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823310] in org.springframework:spring-messaging@5.1.6.RELEASE
    introduced by org.mule.connectors:mule-jms-connector:mule-plugin@1.6.3 > org.mule.connectors:mule-jms-client@1.6.2 > org.springframework:spring-jms@5.1.6.RELEASE > org.springframework:spring-messaging@5.1.6.RELEASE
    This issue was fixed in versions: 5.2.22.RELEASE, 5.3.20
  • ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.18
    introduced by org.mule.runtime:mule-core@4.1.1 > org.yaml:snakeyaml@1.18
    This issue was fixed in versions: 1.31
  • ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.18
    introduced by org.mule.runtime:mule-core@4.1.1 > org.yaml:snakeyaml@1.18
    This issue was fixed in versions: 1.26

Low Severity

  • ✗ Information Disclosure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415] in com.google.guava:guava@25.1-jre
    introduced by org.mule.connectors:mule-jms-connector:mule-plugin@1.6.3 > com.google.guava:guava@25.1-jre
    This issue was fixed in versions: 30.0-android, 30.0-jre
  • ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.18
    introduced by org.mule.runtime:mule-core@4.1.1 > org.yaml:snakeyaml@1.18
    This issue was fixed in versions: 1.32
  • ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.18
    introduced by org.mule.runtime:mule-core@4.1.1 > org.yaml:snakeyaml@1.18
    This issue was fixed in versions: 1.31

Mule 4 - Release v2.0.1

29 Jun 19:18
357cac9

Added support for handling large payloads

Mule 4 - Release v2.0.0

06 Jun 00:08
mule4-v2.0.0

updated README

Mule 4 - Release v1.0.2

16 Oct 23:10
mule4-v1.0.2

added more dashboards

Mule 3 - Release v1.1.0

16 Oct 03:55
afa6735
Merge pull request #2 from JoshTheGoldfish/jerney-fix-typo

fix typo in README