Release Notes 6.5.3

Web UI v2: Highlights

With this release, the new Web interface (WebUI v2) introduces the following features.

• Data Insights

• Dashboards

• Intelligent Automation Assistant (Beta)

Data Insights

A new feature area, Data Insights, was added to the main navigation panel. Data insights are organized, complex data extractions that are based on templates, or types, for specific data needs and real-time views into your workload automation landscape. More than the reports of the thick client and Web UI v1, which these will eventually replace and expand upon, the new generation data insights are dynamic, interactive, and shareable for other users and stakeholders. In addition, you can print (PDF or CSV), email, schedule all data insights. Furthermore, all data insights can be added to your dashboard as widgets which allows you to view several side-by-side on one page, without losing any of their dynamic qualities.

For more information, see Data Insights.

The Data Insight types

The catalog of data insight types will be expanded with each release. In this release, you find the following data insight types:

• Audit History

  The Audit History data insight type helps you track the events related to any job changes on your AutoSys scheduler over a period of time. You can filter to find who made what changes for a specific job. Furthermore, you can schedule the audit history to be regularly created and emailed to audit personnel for compliance purposes. For information, see The Audit History Data Insight.

• Processing Load

  The Processing Load data insight type gives you a clear picture of scheduler performance by showing you the number of jobs that are running during an interval of time as well as the total time in execution delays for each scheduler or machine during each slice of time. The graph, which you can zoom into and out of, reveals spikes and valleys of processing load. Because you can create a Processing Load data insight for totals by machine, it becomes a tool to support charge-back models to application teams. For information, see The Processing Load Data Insight.

• Job Status

  The Job Status data insight type gives a quick overview of all the jobs in AAI grouped according to their current run status. You can create several job status data insights, filtering each one to focus on a different run status and maybe also scheduler. When you add those as widgets to your Dashboard, you can monitor execution activity by status at a glance. For information, see The Job Status Data Insight.

Dashboards

The Dashboard is a completely new feature in AAI. The Dashboard allows you to gather widgets based on any defined data insights onto one page. Each widget is a window to the defined data insight. You can size the widgets to provide a miniature view of the data insight, or expand them to fill the width of the page. By organizing widgets on your dashboard tab pages, you create personalized overviews of various aspects of your workload landscape.

You can take actions on widgets just as you would on the source data insight, including filtering, sorting, printing, and editing the definition. This makes your dashboard not just an overview but a valuable tool to monitor and research your workloads.

For more information, see Dashboards (Web Interface).

Enhancements

This AAI release includes the enhancements listed below.

Web UI v2

With this release, the new Web interface (WebUI v2) introduces the following features.

• User Preference Settings for Time Zones

  You can now define your time zone preferences directly in the new Web UI. Although you could always do this in the thick client, in the WebUI you can also specify your preferred date and time format. For information, see Setting Preferences for Date and Time (Web Interface).

• User Preference Settings Business Areas

  You can now also define your preferred default business areas directly in the new Web UI. All screens and views with jobstream data are then pre-filtered by default to include only jobstreams in your preferred business areas. For information, see Setting Preferences for Business Areas (Web Interface).

• Creating Saved Views of Jobstream Runs

  When working on the Jobstream Runs - Grid View, you can filter the jobstreams, change the sort orders and column configurations, to get the view of the data that you need. Now you can save those filters and configurations as a named view in a catalog of views that you maintain so that you can call them up with one click. This new Web UI feature is similar to the Monitoring views in the thick client. For information, see Saving Views on the Jobstream Runs Grid.

• Surfacing root cause for NPTF jobstream runs

  You can now see the problem and the jobs that are the reason for a jobstream run to have NPTF status (not predicted to finish) directly on the Gantt chart for the run. For convenience and efficiency in your investigations, all NPTF indicators are links to the related Gantt chart. When the Gantt chart appears, the table is already pre-filtered to show the problem jobs and includes additional columns with root cause details. For information, see Root Cause Analysis (Web Interface).

• Significant performance improvements on jobstream views

  Optimized several aspects of data fetching and presentation to noticeably improve the performance of rendering timelines and populating and refreshing the data on several key pages. These include the Jobstream Definitions, Jobstream Runs - Timeline View, Jobstream Runs - Grid View, and the Gantt Timeline View.

Telemetry (Product Usage) - Execution based Calculations

The telemetry calculations of your overall product usage has been completely revised to support the new model of execution-based SKUs. Now your usage billing is based on how many executions run on either Broadcom or non-Broadcom products, or a combination of them. The usage data that you see in the new Web UI reflects these changes.

For more information, see Usage Data (Telemetry).

AAI Server - Linux Headless Upgrader

You now can upgrade AAI on Linux in automated mode. This allows upgrading from a command line and in scripts that can be used for automating upgrade deployment.

For more information, see Upgrading AAI in Automated Mode (Headless Upgrader - UNIX).

Bug Fixes

This AAI version includes the bug fixes listed below:

General

• Solved an issue that allowed non-UTF-8 characters to be entered in the jobstream descriptions. This caused several problems, among them, that Email/SNMP alerts were not sent. Now, there is a validation to check that only unicode characters are entered.

  Associated ticket: DE574033

• Fixed an issue in the thick client that prevented AAI from sending out Started or NPTF alerts, when a child job of a Box was on hold and the Box job started.

  Associated ticket: DE580999

• Solved an issue in the dashboard filter in the thick client that prevented AutoSys jobs to be listed by their job name in the results. The AutoSys Common property value Job Name was changed to Job Name (AutoSys) to show that it is different from the AAI property value Job Name in the By Name listing.

  Associated ticket: DE574033

• Fixed an issue in the thick client that caused a simulated jobstream run to drop from the Monitoring tab when an upstream job in the simulation is put On Hold. Now, when an upstream job in a simulation is put on hold, the jobstream is set to NPTF with an Unknown root cause.

  Associated ticket: DE560000

• Fixed an issue where a jawsImport did not restore the email or SNMP, and the email address.

  Associated ticket: DE595418

The following component upgrades were made to resolve security vulnerabilities:

• Upgraded the SnakeYAML component from version 1.29 to version 2.2 to resolve the following security vulnerability:

  • CVE-2022-1471 (BDSA-2022-3447)

  • CVE-2022-25857 (BDSA-2022-2579)

• Upgraded the HTTP functionality for the Reactor Netty component from version 1.0.18 to 1.0.39 to resolve the following security vulnerability:

  • CVE-2023-34062 (BDSA-2023-3159)

  • CVE-2023-34054 (BDSA-2023-3281)

• Upgraded the Apache HttpClient to version 4.5.14 to resolve the following security vulnerability:

  • CVE-2020-13956

• Upgraded the Bouncy Castle component to version 1.7.8 to resolve the following security vulnerabilities:

  • CVE-2023-33201

  • CVE-2023-33202

• Upgraded the commons-net component to version 3.10.0 to resolve the following security vulnerability:

  • CVE-2021-37533

• Upgraded the jackson-databind component to version 2.17.0 to resolve the following security vulnerability:

  • CVE-2023-35116

• Upgraded the RESTEasy component to version 3.0.21.Final to resolve the following security vulnerability:

  • CVE-2016-6346

Web UI v2

• Improved the performance of rendering the Jobstream Runs - Timeline View, which was previously sluggish when drilling down into business areas.

  Associated ticket: DE597337

• Solved an inconsistency between the thick client and the Web UI v2 with how jobs and their respective status icons were displayed. The jobstream Gantt tooltip now displays Success or Failure for the job run status and the job failure icon is positioned on the right-hand side for better visibility.

  Associated ticket: DE585356

• Fixed an issue with jobstream runs with failed target jobs showing as Completed in the Jobstream Runs Grid view. The jobstream Gantt tooltip now displays Success or Failure for the job run status and the job failure icon is positioned on the right-hand side for better visibility.

  Associated ticket: DE588317

• Fixed an issue in the exported file from the Jobstream Runs - Grid View where the column headers did not correspond to the column data. This happened with jobstreams that belonged to multiple business areas.

  Associated ticket: DE601768

• The Gantt chart was enhanced to solve an issue that prevented the SCHID( job run context id) from being displayed after the job name for CA7 jobstreams.

• Enhanced the tooltip displayed while doing a mouse-over on the jobstream name in the Timeline view to display additional information such as the Scheduler name and total number of jobs in the jobstream.

• Fixed inconsistent behavior while navigating back and forth between Jobstream Timeline view and Job stream Details Page using browser Back button.

• Fixed an issue related to exporting wherein the csv file exported from Jobstream Definitions and Jobs page fetched all the records available rather than just the records displayed in the view.

• Solved an issue where the jobstream was still being displayed in the Jobstream Definitions page while deleting it was in progress. Now the corresponding row is deleted immediately to avoid any further operation on that specific jobstream.

• Fixed an issue with the incorrect sorting of the Jobstream Definitions by the Last End Time column. Both the predicted and actual end times are considered to achieve this.

  Associated ticket: DE595412

• Fixed an issue with the Date filter that allowed users to select an absolute date range in the following Web UI v2 views:

  • Jobstream Runs - Grid and Timeline views

  • Jobstream Details - Run Details and Alerts Tabs

  • Job Details - Run History Tab

• Fixed an issue related to displaying appropriate parentage for jobs in the Gantt chart of certain Jobstreams.

  Associated ticket: DE596822

• Solved an issue where, when the jobstream search filter returned no results, the message "No Jobstreams have been added" was displayed instead of the "No Result found" message.

• Fixed an issue with sorting by Target Job in the Jobstreams Grid view.

• Fixed an issue with the display of the count of deleted jobs in the respective Schedulers in the System Monitoring page.

  Associated ticket: DE598763

• Resolved Export failure issues while exporting data from the Web UI v2 Run Details SLA Graph View.

AutoSys

Solved an issue with duplicate descriptions in the Add Scheduler dialogue for AutoSys. Now the description text in the Security section of the Advanced tab of the Add Scheduler dialog for AutoSys is updated correctly.

Associated ticket: DE598606

Database Schema Upgrade Summary from 6.5.2

The following new table has been added:

• PreferenceShare_UserProfile

The following table has been deleted:

• UsageSKU

Reporting Server 2.0.3

For more information, see:

• Upgrading the Reporting Server from v1.1.x to v2.0.0

• Upgrading the Reporting Server from v2.0.x to v2.0.3

Enhancements

Reporting Server Upgrader

You can now quickly and easily upgrade the Reporting Server using a wizard (Windows) or a script (Linux), rather than as a series of manual steps. This also reduces the error risk during upgrade.

Bug Fixes

• The Reporting Server releases prior to v2.0.2 surfaced the CVE-2021-44228 security vulnerability. The embedded neo4j-jdbc42-1.0.8.1009.jar file was found to be the root cause. The jar file has already been removed with the Jaspersoft upgrade to 8.2.0, which is included in Reporting Server v2.0.2 and later releases. To remediate the vulnerability in earlier versions of the Reporting Server, follow the process that is described in this KB article.

  Associated ticket: DE593770

Airflow 1.0.1

Enhancements

• Job type support

  When looking at Airflow jobs in AAI, you now see the job type and statuses as they are defined natively in Airflow. This avoids ambiguity and helps Airflow users more quickly understand the job status.

• Filter out Null value properties

  The Airflow connector now filters out job properties with null values, so Null will not appear anywhere on the new WebUI as a job property value.

For more information, see AAI Integration for Airflow.

Bug Fixes

The following component upgrades were made to resolve Airflow connector security vulnerabilities

• Upgraded Apache Tomcat package from version 9.0.83 to 9.0.88 to resolve the following security vulnerabilities:

  • CVE-2024-23672 (BDSA-2024-0622)

  • CVE-2024-24549 (BDSA-2024-0623)

• Upgraded Spring Framework package from version 5.3.31 to 5.3.34 to resolve the following security vulnerabilities:

  • CVE-2024-22262 (BDSA-2024-1160)

  • CVE-2024-22259 (BDSA-2024-0625)

  • CVE-2024-22243 (BDSA-2024-0402)

• Upgraded FasterXML Jackson package from version 2.13.5 to 2.17.0 to resolve the following security vulnerability:

  • CVE-2023-35116 (BDSA-2023-1491)

• Upgraded Netty Project from version 4.1.101.Final to 4.1.109.Final to resolve the following security vulnerability:

  • CVE-2024-29025 (BDSA-2024-0720)

Automic Connector 3.2.1

• Enhanced debug logging for better diagnostics.

• Improved handling of JOBG objects.

• Enhanced caching for calendar (CALE) and time zone (TZ) objects.

• Enhanced the handling of the calendar conditions for a task with an "external dependency apply" condition.

• Improved overall performance when fetching object definitions.

• Fixed an issue that caused significantly slower performance during data transmission of some large data sets.

• Upgraded the AAI Connector Framework to version 6.5.2

• Upgraded the Apache Tomcat version from 9.0.81 to 9.0.88 to resolve the following security vulnerabilities:

  • CVE-2023-46589 (BDSA-2023-3298)

  • BDSA-2024-0396

  • CVE-2024-23672 (BDSA-2024-0622)

  • CVE-2024-24549 (BDSA-2024-0623)

• Upgraded the Netty Project version from 4.1.100.Final to 4.1.110.Final to resolve the following security vulnerabilities:

  • CVE-2024-29025 (BDSA-2024-0720)

• Upgraded the Spring Boot version from 2.7.16 to 2.7.18 to resolve the following security vulnerabilities:

  • CVE-2023-34055 (BDSA-2023-3275)

• Upgraded the Spring Framework version from 5.3.30 to 5.3.34 to resolve the following security vulnerabilities:

  • CVE-2016-1000027

  • CVE-2024-22243 (BDSA-2024-0402)

  • CVE-2024-22262 (BDSA-2024-1160)

  • CVE-2024-22259 (BDSA-2024-0625)

Control-M Connector 1.2.7

The following component upgrades were made to resolve Control-M connector security vulnerabilities

• Upgraded the Tomcat version from 9.0.64 to 9.0.88 to resolve the following security vulnerabilities:

  • CVE-2023-44487 (BDSA-2023-2732)

  • CVE-2022-45143 (BDSA-2023-0001)

  • CVE-2023-24998 (BDSA-2023-0357)

  • CVE-2023-46589 (BDSA-2023-3298)

  • CVE-2022-42252 (BDSA-2022-3105)

  • BDSA-2024-0396

  • BDSA-2023-1242

  • CVE-2022-34305 (BDSA-2022-1742)

  • CVE-2023-41080 (BDSA-2023-2250)

  • CVE-2023-45648 (BDSA-2023-2726)

  • CVE-2023-42795 (BDSA-2023-2736)

  • CVE-2023-28708 (BDSA-2023-0623)

  • CVE-2024-24549 (BDSA-2024-0623)

  • CVE-2024-23672 (BDSA-2024-0622)

• Upgraded the Netty version from 4.1.78.Final to 4.1.109.Final to resolve the following security vulnerabilities:

  • CVE-2022-41881 (BDSA-2022-3559)

  • CVE-2023-44487 (BDSA-2023-2732)

  • CVE-2023-34462 (BDSA-2023-1556)

  • CVE-2024-29025 (BDSA-2024-0720)

• Upgraded the PostgreSQL version from 42.3.6 to 42.3.10 to resolve the following security vulnerabilities:

  • CVE-2024-1597 (BDSA-2024-0368)

  • CVE-2022-31197 (BDSA-2022-2702)

  • CVE-2022-41946 (BDSA-2022-3347)

• Upgraded the SnakeYAML version from 1.30 to 2.2 to resolve the following security vulnerabilities:

  • CVE-2022-1471 (BDSA-2022-3447)

  • CVE-2022-25857 (BDSA-2022-2579)

  • CVE-2022-38752 (BDSA-2022-2590)

  • CVE-2022-38751 (BDSA-2022-2587)

  • CVE-2022-38749 (BDSA-2022-2577)

  • CVE-2022-41854 (BDSA-2022-3211)

  • CVE-2022-38750 (BDSA-2022-2578)

• Upgraded the Spring Boot version from 2.7.1 to 2.7.18 to resolve the following security vulnerabilities:

  • CVE-2023-20873 (BDSA-2023-0953)

  • CVE-2023-20883 (BDSA-2023-1225)

  • CVE-2023-34055 (BDSA-2023-3275)

• Upgraded the Jackson-databind version from 2.13.3 to 2.17.0 to resolve the following security vulnerabilities:

  • CVE-2022-42003 (BDSA-2022-2765)

  • CVE-2022-42004 (BDSA-2022-2768)

  • CVE-2023-35116

• Upgraded the Reactor Netty version from 1.0.20 to 1.0.39 to resolve the following security vulnerabilities:

  • CVE-2022-41881 (BDSA-2022-3559)

  • CVE-2023-44487 (BDSA-2023-2732)

  • CVE-2023-34462 (BDSA-2023-1556)

  • CVE-2024-29025 (BDSA-2024-0720)

• Upgraded the H2 Database version from 2.1.214 to 2.2.222 to resolve the following security vulnerabilities:

  • BDSA-2018-1048

  • CVE-2022-45868 (BDSA-2022-3649)

• Upgraded the Spring Framework version from 5.3.21 to 5.3.34 to resolve the following security vulnerabilities:

  • CVE-2023-20860 (BDSA-2023-0649)

  • CVE-2023-20863 (BDSA-2023-0847)

  • CVE-2023-20861 (BDSA-2023-0638)

  • CVE-2024-22259 (BDSA-2024-0625)

  • CVE-2024-22243 (BDSA-2024-0402)

  • CVE-2024-22262 (BDSA-2024-1160)

• Upgraded the Guava version from 31.1 to 32.0.0-jre to resolve the following security vulnerabilities:

  • CVE-2023-2976 (BDSA-2016-1748)

  • CVE-2020-8908 (BDSA-2020-3736)

• Upgraded the json-smart version from 2.4.8 to 2.4.11 to resolve the following security vulnerability:

  • CVE-2023-1370 (BDSA-2023-0616)

IWS Connector 1.12.0

The following component upgrades were made to resolve IWS connector security vulnerabilities

• Upgraded the Jackson-databind version from 2.9.8 to 2.17.0 to resolve the following security vulnerabilities:

  • CVE-2020-9546 (BDSA-2020-0363)

  • CVE-2019-20330 (BDSA-2019-4111)

  • CVE-2020-8840 (BDSA-2020-0252)

  • CVE-2019-16943 (BDSA-2019-3135)

  • CVE-2019-17531 (BDSA-2019-3215)

  • CVE-2019-17267 (BDSA-2019-3151)

  • CVE-2019-16335 (BDSA-2019-2978)

  • CVE-2019-14892 (BDSA-2019-4213)

  • CVE-2019-16942 (BDSA-2019-3136)

  • CVE-2020-9548 (BDSA-2020-0354)

  • CVE-2020-9547 (BDSA-2020-0361)

  • CVE-2019-14540 (BDSA-2019-2980)

  • CVE-2019-14893 (BDSA-2019-4214)

  • CVE-2019-14379 (BDSA-2019-2355)

  • CVE-2020-11112 (BDSA-2020-0583)

  • CVE-2020-11111 (BDSA-2020-0582)

  • CVE-2020-11113 (BDSA-2020-0584)

  • CVE-2020-10968 (BDSA-2019-4338)

  • CVE-2020-10969 (BDSA-2020-0553)

  • CVE-2020-10673 (BDSA-2020-0487)

  • CVE-2020-10672 (BDSA-2020-0486)

  • CVE-2020-36182 (BDSA-2021-0016)

  • CVE-2020-36179 (BDSA-2021-0012)

  • CVE-2020-14195 (BDSA-2020-1428)

  • CVE-2020-11619 (BDSA-2020-0689)

  • CVE-2021-20190 (BDSA-2020-4090)

  • CVE-2020-36180 (BDSA-2021-0015)

  • CVE-2020-35490 (BDSA-2020-3827)

  • CVE-2020-14060 (BDSA-2020-1415)

  • CVE-2020-24750 (BDSA-2020-2643)

  • CVE-2020-10650 (BDSA-2020-4813)

  • CVE-2020-11620 (BDSA-2020-0690)

  • CVE-2020-24616 (BDSA-2020-2193)

  • CVE-2020-36186 (BDSA-2020-4023)

  • CVE-2020-36185 (BDSA-2020-4022)

  • CVE-2020-36183 (BDSA-2021-0013)

  • CVE-2020-14061 (BDSA-2020-1417)

  • CVE-2020-36181 (BDSA-2021-0014)

  • CVE-2020-36188 (BDSA-2020-4021)

  • CVE-2020-36187 (BDSA-2020-4024)

  • CVE-2020-36184 (BDSA-2020-4020)

  • CVE-2020-36189 (BDSA-2020-4026)

  • CVE-2020-35728 (BDSA-2020-3902)

  • CVE-2020-14062 (BDSA-2020-1416)

  • CVE-2020-35491 (BDSA-2020-3826)

  • CVE-2020-25649 (BDSA-2020-2965)

  • CVE-2019-14439 (BDSA-2019-2369)

  • CVE-2022-42003 (BDSA-2022-2765)

  • CVE-2022-42004 (BDSA-2022-2768)

  • CVE-2020-36518 (BDSA-2020-4752)

  • CVE-2019-12086 (BDSA-2019-1550)

  • CVE-2019-12814 (BDSA-2019-1837)

  • CVE-2019-12384 (BDSA-2019-1881)

  • CVE-2023-35116

• Removed OpenSSL 1.0.2o to resolve the following security vulnerabilities:

  • CVE-2022-1292 (BDSA-2022-1242)

  • CVE-2022-2068 (BDSA-2022-1716)

  • CVE-2018-0732 (BDSA-2018-1959)

  • CVE-2023-0215 (BDSA-2023-0232)

  • CVE-2021-23840 (BDSA-2021-0391)

  • CVE-2023-0464 (BDSA-2023-0610)

  • CVE-2022-0778 (BDSA-2022-0709)

  • CVE-2023-0286

  • CVE-2021-3712 (BDSA-2021-2579

  • BDSA-2020-2711

  • CVE-2023-2650 (BDSA-2023-1337)

  • CVE-2020-1971 (BDSA-2020-3689)

  • CVE-2021-4160 (BDSA-2022-0284)

  • CVE-2018-0737 (BDSA-2018-1173)

  • CVE-2021-23841 (BDSA-2021-0390)

  • CVE-2018-0734 (BDSA-2018-3821)

  • CVE-2019-1559 (BDSA-2019-0562)

  • CVE-2022-4304

  • CVE-2024-0727 (BDSA-2024-0202)

  • CVE-2019-1551 (BDSA-2019-3854)

  • CVE-2023-5678 (BDSA-2023-3046)

  • CVE-2023-0466

  • CVE-2023-3817 (BDSA-2023-1972)

  • CVE-2023-0465 (BDSA-2023-0692)

  • CVE-2019-1547 (BDSA-2019-2929)

  • CVE-2018-5407 (BDSA-2018-3865)

  • BDSA-2023-1866

  • CVE-2019-1563 (BDSA-2019-2906)

  • CVE-2020-1968 (BDSA-2020-2316)

  • CVE-2019-1552 (BDSA-2019-2367)

• Upgraded the Apache Tomcat version from 9.0.12 to 9.0.88 to resolve the following security vulnerabilities:

  • CVE-2020-1938 (BDSA-2020-0339)

  • CVE-2022-25762 (BDSA-2022-1335)

  • CVE-2019-0232 (BDSA-2019-1146)

  • CVE-2020-802

  • CVE-2020-11996 (BDSA-2020-1534)

  • CVE-2020-13934 (BDSA-2020-1667)

  • CVE-2023-44487 (BDSA-2023-2732)

  • CVE-2020-17527 (BDSA-2020-3628)

  • CVE-2023-46589 (BDSA-2023-3298)

  • CVE-2019-10072 (BDSA-2019-1869)

  • CVE-2019-17563 (BDSA-2019-4037)

  • CVE-2022-42252 (BDSA-2022-3105)

  • CVE-2019-0199 (BDSA-2019-1005)

  • CVE-2020-13935 (BDSA-2020-1664)

  • CVE-2021-41079 (BDSA-2021-2798)

  • CVE-2023-24998 (BDSA-2023-0357)

  • CVE-2021-25122 (BDSA-2021-0709)

  • BDSA-2024-0396

  • CVE-2019-12418 (BDSA-2019-4038

  • CVE-2021-25329 (BDSA-2021-0711)

  • CVE-2020-9484 (BDSA-2020-1193)

  • CVE-2022-23181

  • CVE-2021-30640 (BDSA-2021-2071)

  • BDSA-2023-1242

  • CVE-2019-0221 (BDSA-2019-1661)

  • CVE-2023-41080 (BDSA-2023-2250)

  • CVE-2021-24122 (BDSA-2021-0069)

  • CVE-2019-2684

  • CVE-2023-42795 (BDSA-2023-2736)

  • CVE-2023-45648 (BDSA-2023-2726)

  • CVE-2021-33037 (BDSA-2021-2072)

  • CVE-2024-21733 (BDSA-2024-0129)

  • CVE-2020-1935 (BDSA-2020-0328)

  • CVE-2020-13943 (BDSA-2020-2727)

  • CVE-2023-28708 (BDSA-2023-0623)

  • CVE-2021-43980

  • CVE-2024-23672 (BDSA-2024-0622)

  • CVE-2024-24549 (BDSA-2024-0623)

• Upgraded the Logback version from 1.2.3 to 1.2.13 to resolve the following security vulnerabilities:

  • CVE-2023-6378 (BDSA-2023-3307)

  • CVE-2021-42550 (BDSA-2021-3818)

  • BDSA-2023-3341

  • BDSA-2021-3401

• Upgraded the Oracle JDBC driver from 12.1.0.2 to 21.4.0.0.1 to resolve the following security vulnerability:

  • CVE-2016-3506

• Upgraded the Apache Commons IO version from 2.5 to 2.16.1 to resolve the following security vulnerability:

  • CVE-2021-29425 (BDSA-2021-0922)

• Upgraded the Jersey version from 2.27 to 2.42 to resolve the following security vulnerability:

  • BDSA-2016-1713

• Upgraded the Apache HttpClient version from 4.5.3 to 4.5.14 to resolve the following security vulnerability:

  • CVE-2020-13956 (BDSA-2020-2701)

• Upgraded the Apache Commons Codec version from 1.9 to 1.16.1 to resolve the following security vulnerability:

  • BDSA-2012-0001