Third-Party Update: Jetty

Jetty has been updated to version 9.4.39.v20210325 to avoid security vulnerabilities of the previous version.

(CMS-19250)

Third-Party Update: Spring Security

Spring Security has been updated to version 5.2.9.RELEASE to avoid a security vulnerability of the previous version (CVE-2021-22112).

(CMS-19098)

Third-Party Update: Tomcat

Tomcat has been updated to version 9.0.43 to avoid security vulnerabilities of the previous version (CVE-2020-17527, CVE-2021-25122, CVE-2021-25329).

(CMS-19082)

Update of MongoDB Java Driver

The thirdparty dependencies org.mongodb:mongodb-driver-legacy, org.mongodb:mongodb-driver-core and org.mongodb:bson have been updated from version 4.1.0 to 4.2.2.

(CMS-19077)

Maven Plugin Versions

The versions of the maven-install-plugin and the maven-deploy-plugin have been consolidated to 3.0.0-M1 all throughout CMCC.

(CMS-18848)

Fixed bug that required exact case in LDAP user name for login

Fixed the bug that prevented LDAP users to log in with a user name that differed in case. It's now possible again to log in with a name that differs in case, if the LDAP user provider ignores case when returning a user for some name. Note, that the login for built-in users always requires exact case.

(CMS-18825)

Third-Party Update: Checker Framework

The Checker Framework has been updated to version 3.7.1.

The Checker Framework can be used to verify usage of personal data during compilation as described in the Blueprint Developer Manual, section "Handling Personal Data". The new version is required for this to work with Java 11 versions above 11.0.6.

(CMS-18794)