version: 8.0.1 module: https://talend.poolparty.biz/coretaxonomy/42 product: https://talend.poolparty.biz/coretaxonomy/183
| Info | Value |
|---|---|
| Patch name | Patch_20231226_R2023-12_v3-8.0.1 |
| Release date | 2023-12-26 |
| Target version | 20211109_1610-8.0.1 |
| Product affected | Talend Studio |
This monthly release includes all previous generally available patches for Talend Studio 8.0.1.
For more information about the new features and bug fixes included in this monthly release, see Talend Release Notes.
Consider the following requirements for your system:
Before applying an update to Talend Studio, check:
Note:
A number of jars have been upgraded in this update patch. To avoid confusion, after installing this patch you can delete the CVE-impacted versions from your local Studio directory and artifact repository. For example, for an old log4j jar:
remove <studio>/configuration/.m2/repository/org/apache/logging/log4j/log4j-core/<version>/log4j-core-<version>.jar
remove the jar from your artifact repository:
groupId: org.apache.logging.log4j
artifactId: log4j-core
version: <version>
Where <studio> is your Studio installation folder and <version> is the CVE-impacted version. For the upgrade information and the specific impacted versions, see the "Fixed issues" and "Security CVEs" parts of this documentation.
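A check for the local half of this cleanup, as an added example (not Talend's own tooling): it maps Maven coordinates to the repository layout shown in the log4j-core path above and lists the jars still present, with an optional removal step. The function names and the one-coordinate-per-line list file are assumptions; the sample coordinates are taken from the CVE entries on this page, and the artifact repository still has to be cleaned separately.

```sh
#!/bin/sh
# Added example (not Talend tooling): list CVE-impacted jars still present in
# the Studio local Maven repository. Layout, per the log4j-core path above:
#   <studio>/configuration/.m2/repository/<groupId as dirs>/<artifactId>/
#   <version>/<artifactId>-<version>.jar

# coord_to_path <studio_dir> <groupId:artifactId:version>
# Prints the expected jar path; returns 2 for a malformed coordinate.
coord_to_path() {
    studio=$1
    coord=$2
    case $coord in
        *:*:*:*|*/*|*..*|*' '*) return 2 ;;  # extra field, separator, traversal
        ?*:?*:?*) ;;                           # exactly three non-empty fields
        *) return 2 ;;
    esac
    group=${coord%%:*}
    rest=${coord#*:}
    artifact=${rest%%:*}
    version=${rest#*:}
    group_dir=$(printf '%s' "$group" | tr '.' '/')
    printf '%s/configuration/.m2/repository/%s/%s/%s/%s-%s.jar\n' \
        "$studio" "$group_dir" "$artifact" "$version" "$artifact" "$version"
}

# find_impacted <studio_dir> <list_file>
# list_file (assumed format): one coordinate per line, '#' starts a comment.
# Prints the path of every listed jar that exists; removes nothing.
find_impacted() {
    studio=$1
    list=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if ! jar=$(coord_to_path "$studio" "$line"); then
            echo "skipping malformed coordinate: $line" >&2
            continue
        fi
        if [ -f "$jar" ]; then
            printf '%s\n' "$jar"
        fi
    done < "$list"
    return 0
}

# remove_impacted <studio_dir> <list_file>: delete what find_impacted reports.
remove_impacted() {
    find_impacted "$1" "$2" | while IFS= read -r jar; do
        rm -f -- "$jar" && echo "removed $jar"
    done
}

# Demo on a constructed directory tree; the jar is an empty placeholder file.
demo() {
    tmp=$(mktemp -d) || return 1
    dir=$tmp/configuration/.m2/repository/org/apache/logging/log4j/log4j-core/2.13.3
    mkdir -p "$dir" && : > "$dir/log4j-core-2.13.3.jar"
    cat > "$tmp/impacted.txt" <<'EOF'
# constructed list; coordinates as written in the CVE entries on this page
org.apache.logging.log4j:log4j-core:2.13.3
org.json:json:20201115
EOF
    find_impacted "$tmp" "$tmp/impacted.txt"
    rm -rf "$tmp"
}

# Usage: script --scan <studio_dir> <list_file>; with no arguments, run the demo.
if [ "${1:-}" = "--scan" ]; then find_impacted "$2" "$3"; else demo; fi
```

Run the scan first and review its output before calling `remove_impacted`, since a job that still pins an old version will fail to resolve it afterwards.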
If your Talend Studio supports installing features using the Feature Manager wizard, it can detect and notify you about available patches and install the patches automatically when the Update URL is correctly set up in Talend Studio.
For more information about the Feature Manager wizard, see Managing features in Talend Studio.
For more information about setting up the Update URL, see Configuring update repositories.
To install the patch using Talend CI builder, use the -Dtalend.studio.p2.update option at build time.
Note:
For more information, see Building and Deploying.
None
None
CVE-2023-46604 (activemq-client 5.17.2), impacted:
DI components
CVE-2023-5072 (Json:20230227), impacted:
APPINT components
DQ components
Studio
DI components
CVE-2015-7501 (net.sourceforge.collections:collections-generic 4.01), impacted:
Studio
CVE-2023-36478, CVE-2023-40167, CVE-2023-36479 (http2-hpack, jetty-http, jetty-servlets:9.4.51.v20230217), impacted:
APPINT components
CVE-2023-39410 (avro:1.8.1, 1.10.2, 1.11.1, 1.11.2), impacted:
APPINT components
Studio
DQ components
BD components
DI components
CVE-2023-34610 (com.cedarsoftware:json-io 4.13.1-TALEND), impacted:
DQ components
CVE-2023-44483 (xmlsec:2.2.3), impacted:
APPINT components
CVE-2022-46751 (ivy-2.5.2.jar), impacted:
BD components
DI components
CVE-2023-34462 (netty-all-4.1.94.Final.jar) impacted:
BD components
CVE-2019-14887 (org.wildfly.openssl:wildfly-openssl-java:1.0.10.Final), impacted:
BD components
CVE-2023-33201 (bcprov-jdk18on-1.77.jar), impacted:
BD components
CVE-2023-33546 (janino-3.1.10.jar), impacted:
BD components
CVE-2023-44981 (zookeeper:3.6.3), impacted:
DI components
CVE-2013-2160 (woodstox-core-asl:4.0.8), impacted:
DI components
CVE-2023-43642 (org.xerial.snappy:snappy-java 1.1.10.1), impacted:
APPINT components
CVE-2022-33980 (commons-configuration2:2.7), impacted:
APPINT components
CVE-2023-44487 (tomcat-embed-core:9.0.79, io.netty:netty-codec-http2:4.1.94.Final), impacted:
APPINT components
CVE-2022-45688 (org.json:json:20201115), impacted:
APPINT components
CVE-2023-44981 (org.apache.zookeeper:zookeeper:3.5.9), impacted:
APPINT components
CVE-2023-46604 (activemq-client,activemq-openwire-legacy:5.17.4), impacted:
APPINT components
CVE-2021-46877 (jackson-databind:2.11.3), impacted:
APPINT components
(netty-handler:4.1.94.Final), impacted:
APPINT components
Studio
CVE-2023-34610 (json-io:4.9.9) impacted:
DI components
Studio
CVE-2023-2976 (guava-30.1-jre.jar), impacted:
BD components
CVE-2023-3635 (okio:1.6.0) impacted:
BD components
CVE-2020-25649 (jackson-databind-2.10.2.jar), impacted:
BD components
CVE-2021-29425 (commons-io-2.4.jar), impacted:
BD components
CVE-2023-22946 (spark-core:3.3.1), impacted:
BD components
DQ Libraries
CVE-2023-31418 (elasticsearch:7.17.1) impacted:
Studio
CVE-2023-26048 (jetty-util:9.4.51.v20230217) impacted:
DI components
CVE-2023-34462 (netty-handler:4.1.86.Final) impacted:
DI components
CVE-2023-44487,CVE-2023-45648 (tomcat-coyote:9.0.80) impacted:
DI components
CVE-2014-125087 (java-xmlbuilder:0.4) impacted:
DI components
CVE-2023-33546 (janino:2.7.6), impacted:
DI components
APPINT components
CVE-2023-2976 (guava:30.0-jre), impacted:
DI components
APPINT components
BD components
CVE-2023-28513 (com.ibm.mq.allclient:9.3.3.0), impacted:
DI components
CVE-2023-34462 (netty-handler:4.1.92.Final), impacted:
APPINT components
(spring-core:5.3.21), impacted:
DQ components
Studio
CVE-2023-25194 (org.apache.kafka:kafka-clients:2.8.2), impacted:
BD components
CVE-2021-29425 (commons-io-2.4.jar), impacted:
BD components
CVE-2022-31159 (aws-java-sdk-s3:1.12.170), impacted:
BD components
CVE-2023-34455 (snappy-java-1.1.10.1), impacted:
BD components
CVE-2022-23305 (commons-configuration2:2.8.0) impacted:
DI components
CVE-2010-1330 (jline:1.0) impacted:
Studio
CVE-2022-1471 (snakeyaml:1.32-1.33) impacted:
Studio
CVE-2023-3635 (okio:1.15.0) impacted:
Studio
CVE-2022-23305 (commons-configuration2:2.8.0) impacted:
Studio
CVE-2023-34454 (snappy-java:1.1.1.3) impacted:
Studio
CVE-2023-1370 (json-smart:2.4.7), impacted:
DI components
CVE-2009-1523, CVE-2011-4461 (jetty-util-6.1.26.jar), impacted:
BD components
CVE-2018-10237 (guava-11.0.2.jar,guava-18.0.jar), impacted:
BD components
CVE-2019-2692 (mysql-connector-java-3.1.14.jar), impacted:
BD components
CVE-2022-30126,CVE-2022-30973 (tika-core-2.1.0.jar), impacted:
BD components
CVE-2022-21449 (nimbus-jose-jwt-8.23.jar), impacted:
BD components
CVE-2020-5403 (reactor-netty-0.9.4.RELEASE.jar), impacted:
BD components
CVE-2023-30535 (snowflake-jdbc-3.13.29.jar), impacted:
BD components
CVE-2018-17244,CVE-2019-7614 (elasticsearch-5.6.3.jar,elasticsearch-6.4.2.jar), impacted:
BD components
CVE-2019-0201 (zookeeper-3.4.12.jar), impacted:
BD components
CVE-2020-1926 (hive-service-2.3.7.jar), impacted:
BD components
CVE-2023-34455,CVE-2023-34453,CVE-2023-34454 (1.1.2.6, 1.0.4.1, 1.0.5,1.1.8.4,1.1.1.3), impacted:
DI components
CVE-2022-44729,CVE-2022-44730 (org.apache.xmlgraphics:batik-xxx.jar), impacted:
DQ components
DQ Libraries
CVE-2023-34462 (netty-handler:4.1.90.Final), impacted:
Studio
CVE-2023-34034 (spring-security-config-5.7.8.jar), impacted:
APPINT components
CVE-2022-42889 (commons-text-1.8.jar, commons-text-1.9.jar), impacted:
APPINT components
CVE-2014-125087 (java-xmlbuilder-1.0.jar), impacted:
APPINT components
CVE-2022-25647 (gson-2.7.0.jar, gson-2.8.6.jar), impacted:
APPINT components
CVE-2023-33265 (hazelcast-5.2.1.jar), impacted:
APPINT components
CVE-2021-35517 (commons-compress-1.19.jar), impacted:
APPINT components
CVE-2021-31684 (json-smart-2.3.jar), impacted:
APPINT components
CVE-2022-45688 (json-20200518.jar, json-20220320.jar), impacted:
APPINT components
WARNING - BREAKING CHANGES FOR APPLICATION INTEGRATION FEATURES
CVE-2017-1000487 (plexus-utils-3.0.8) impacted:
Studio
CVE-2023-34610 (json-io:4.9.9) impacted:
Studio
CVE-2012-5783 (commons-httpclient:3.1) impacted:
Studio
CVE-2023-37460 (plexus-archiver:4.2.2,4.2.1,4.2.0,3.6.0) impacted:
Studio
APPINT components
CVE-2020-8908,CVE-2023-2976 (guava:30.0-jre) impacted:
Studio
DQ Libraries
CVE-2022-31777 (spark-core_2.12-3.3.0.jar), impacted:
BD components
CVE-2014-3577 (httpclient-4.0.1.jar), impacted:
BD components
CVE-2020-13956 (org.apache.httpcomponents:httpclient:4.5.12), impacted:
BD components
CVE-2021-29425 (hadoop-core-1.2.1.jar), impacted:
BD components
CVE-2023-34455,CVE-2023-34453,CVE-2023-34454 (snappy-java:1.1.7.3), impacted:
APPINT components
CVE-2023-1370 (json-smart:2.4.7), impacted:
APPINT components
CVE-2023-33201 (bcprov-jdk15on:1.69), impacted:
APPINT components
CVE-2023-25194 (kafka-clients:3.2.3), impacted:
DI components
CVE-2022-29599 (maven-shared-utils:0.9.0) impacted:
Studio
CVE-2023-25194 (org.apache.kafka:kafka-clients:3.1.2,3.2.3), impacted:
APPINT components
CVE-2021-4178 (kubernetes-client-5.4.1.jar), impacted:
BD components
CVE-2009-4611 (jetty-6.1.26.jar), impacted:
BD components
CVE-2023-1370 (json-smart-2.4.7.jar), impacted:
BD components
CVE-2021-29425 (commons-io-2.4.jar), impacted:
BD components
CVE-2023-30535 (snowflake-jdbc:3.13.28), impacted:
DI Components
CVE-2023-20860 (spring-webmvc:5.3.26), impacted:
DI Components
CVE-2023-1436 (jettison-1.5.3.jar), impacted:
DI components
CVE-2022-23437 (xercesImpl:2.12.0), impacted:
Studio
CVE-2020-5421 (org.springframework:spring-framework-bom:5.2.7.RELEASE), impacted:
Studio
CVE-2021-35515 (org.apache.commons:commons-compress:1.12), impacted:
metadata
SourceClear Premium (No CVE) (jose4j-0.9.0.jar), impacted:
DI Components
SourceClear Premium (No CVE) (org.apache.maven:maven-core:3.8.6), impacted:
Studio
CVE-2021-29425 (commons-io-2.4.jar), impacted:
BD components
CVE-2022-31159 / CVE-2022-31159 (aws-java-sdk-bundle 1.11.375 / 1.11.760), impacted:
BD components
CVE-2020-1926 (hive-service-2.1.1), impacted:
BD components
CVE-2022-46364 (cxf related jars), impacted:
MDM components
CVE-2014-3004 (org.codehaus.castor:castor:1.1), impacted:
Studio
CVE-2022-1471 (org.talend.designer.tdqrule), impacted:
Studio
CVE-2022-40152 (com.fasterxml.woodstox:woodstox-core:6.2.6), impacted:
APPINT components
CVE-2022-36033 (org.jsoup:jsoup:1.14.3), impacted:
APPINT components
CVE-2023-1370 (json-smart-2.4.7.jar), impacted:
Studio
DI components
DQ Libraries
CVE-2020-11987 (batik-all:1.10.jar), impacted:
DQ Components
CVE-2023-20861,CVE-2023-20863 (spring-expression:5.3.20), impacted:
APPINT components
CVE-2023-1436 (jettison:1.5.3), impacted:
APPINT components
CVE-2021-37533 (commons-net-3.6.0.jar), impacted:
BD components
CVE-2022-45688 (json-20140107.jar, json-20090211.jar), impacted:
BD components
DI components
CVE-2020-7692 (google-oauth-client-1.30.1.jar), impacted:
BD components
CVE-2022-46363 (cxf-rt-transports-http-3.4.7.jar), impacted:
BD components
CVE-2020-28491 (jackson-dataformat-cbor 2.10.1), impacted:
BD components
CVE-2020-36518 (jackson-databind:2.12.7.1), impacted:
BD components
CVE-2015-2156 (netty-3.6.2.Final), impacted:
BD components
CVE-2019-14893 (jackson-databind-2.6.7), impacted:
BD components
CVE-2022-42003,CVE-2022-42004 (jackson-databind-2.11.4.jar), impacted:
DQ Libraries
DQ components
CVE-2021-36373,CVE-2021-36374 (ant:1.10.9), impacted:
DQ Libraries
CVE-2022-23437 (xercesImpl:2.12.0), impacted:
DQ Libraries
CVE-2023-26048 (jetty-server:11.0.11), impacted:
DQ Libraries
CVE-2023-30535 (snowflake-jdbc:3.13.8), impacted:
Studio
CVE-2020-8908 (guava:10.0.1), impacted:
Studio
CVE-2020-13956 (org.apache.httpcomponents:httpclient:4.5.10), impacted:
Studio
CVE-2023-24998 (commons-fileupload-1.4.jar), impacted:
DI components
CVE-2022-43902 (com.ibm.mq.allclient-1.4.jar), impacted:
DI components
SourceClear Premium (No CVE) (core-io-1.7.23.jar), impacted:
DI Components
CVE-2022-3171 (libphonenumber-7.2.8.jar), impacted:
APPINT Components
CVE-2022-45688 (json-20140107.jar, json-20090211.jar), impacted:
Studio
APPINT Components
DQ Components
CVE-2022-41854,CVE-2022-38752,CVE-2022-1471 (snakeyaml-1.26.jar, snakeyaml-1.31.jar, snakeyaml-1.32.jar, snakeyaml-1.33.jar), impacted:
Studio
APPINT Components
DQ Components
CVE-2022-40152 (woodstox-core-5.3.0.jar), impacted:
BD components
CVE-2022-41828 (redshift-jdbc42-2.1.0.3.jar), impacted:
BD components
CVE-2019-10086 (commons-beanutils-1.9.3.jar), impacted:
BD components
CVE-2022-34917 (org.apache.kafka:kafka-clients 2.4.0,2.7.0,2.8.0,2.8.1), impacted:
BD components
CVE-2020-28491 (jackson-dataformat-cbor 2.10.0,2.10.1), impacted:
BD components
CVE-2018-3258 (mysql-connector-java-8.0.12.jar), impacted:
BD components
CVE-2022-45787 (org.apache.james:apache-mime4j:0.6), impacted:
Studio
CVE-2021-26291 (pax-url-aether-2.6.2.jar), impacted:
DI components
CVE-2022-23710 CVE-2022-23708 (elastic related jars), impacted:
Studio
CVE-2022-41881 (netty related jars), impacted:
Studio
CVE-2023-26464 (log4j jar), impacted:
DQ Libraries
CVE-2019-12415 (poi-4.0.1.jar), impacted:
Studio
CVE-2020-13936 (velocity-1.7.jar), impacted:
APPINT components
Studio
CVE-2022-41915 (netty-codec-http-4.1.77.Final.jar), impacted:
APPINT components
CVE-2021-37533 (commons-net-3.8.0.jar), impacted:
APPINT components
CVE-2020-7692 (google-oauth-client-1.22.0.jar), impacted:
BD components
CVE-2022-46364 (cxf-core-3.4.7.jar), impacted:
BD components
CVE-2019-20444 (netty-codec-http 4.1.13.FINAL and 4.1.16.FINAL), impacted:
BD components
CVE-2022-42889 (commons-text-1.8.jar), impacted:
BD components
CVE-2021-37533 (commons-net:commons-net:2.2,3.3,3.6,3.8.0), impacted:
BD components
DI components
CVE-2022-42003 (jackson-databind-2.13.3.jar), impacted:
BD components
CVE-2022-25647 (gson-2.2.4.jar), impacted:
BD components
CVE-2022-25857 (snakeyaml-1.24.jar and snakeyaml-1.30.jar), impacted:
BD components
CVE-2023-22899 (zip4j-2.10.0.jar), impacted:
DI components
CVE-2022-36033 (jsoup-1.14.3.jar), impacted:
DI components
CVE-2022-45693 (jettison-1.5.1.jar), impacted:
DI components
APPINT components
CVE-2022-40151 (xstream-1.4.19.jar), impacted:
Studio
DI components
APPINT components
DQ components
CVE-2022-41828 (redshift-jdbc42-2.1.0.3.jar), impacted:
BD components
CVE-2020-13949 (libthrift-0.12.0.jar), impacted:
BD components
CVE-2021-38296 (spark-hive-thriftserver_2.12-3.1.1.jar), impacted:
BD components
CVE-2022-40152 (woodstox-core-5.0.3.jar), impacted:
BD components
CVE-2020-13936 (velocity-1.7.jar), impacted:
DI components
CVE-2021-23926 (xmlbeans-2.6.0.jar), impacted:
DI components
CVE-2022-41881 (netty-codec-haproxy-4.1.77.Final.jar), impacted:
DI components
CVE-2021-39139,CVE-2021-39149 (com.thoughtworks.xstream:xstream:1.4.17), impacted:
APPINT components
CVE-2022-31692 (spring-security-web-5.6.5.jar), impacted:
Studio
CVE-2018-10899 (jolokia-core-1.6.0.jar), impacted:
Studio
CVE-2021-37533 (commons-net:commons-net:2.2,3.3,3.6,3.8.0), impacted:
Studio
DQ Libraries
CVE-2022-31684 (reactor-netty-http-1.0.18.jar), impacted:
DI components
CVE-2012-0881 (xerces:xercesImpl:2.11.0.jar), impacted:
Studio
CVE-2020-13956 (org.apache.httpcomponents:httpclient:4.5.10.jar), impacted:
Studio
CVE-2012-5785 (axis2-kernel-1.7.8.jar), impacted:
Studio
CVE-2022-36033 (org.jsoup:jsoup:1.14.2.jar, org.jsoup:jsoup:1.14.3.jar), impacted:
Studio
CVE-2022-46364 (cxf-core-3.4.4.jar, cxf-core-3.4.7.jar), impacted:
DI Components
APPINT Components
MDM Components
Studio
CVE-2022-46363 (cxf-rt-transports-http-3.4.4.jar), impacted:
APPINT Components
CVE-2021-45046 (org.apache.logging.log4j:log4j-core:2.13.3), impacted:
APPINT Components
CVE-2022-40664 (org.apache.shiro:shiro-lang:1.7.1), impacted:
APPINT Components
CVE-2022-25312 (org.apache.any23:apache-any23-core:2.3), impacted:
APPINT Components
CVE-2022-33980 (org.apache.commons:commons-configuration2:2.1.1), impacted:
BD Components
APPINT Components
CVE-2022-40152 (woodstox-core-6.2.6.jar,woodstox-core-6.2.7.jar,woodstox-core-6.2.8.jar,woodstox-core-5.2.0.jar,woodstox-core-5.3.0.jar), impacted:
DI Components
APPINT Components
MDM Components
DQ Libraries
Studio
CVE-2022-45685,CVE-2022-45693 (jettison-1.5.1.jar), impacted:
DQ Libraries
(netty-handler-4.1.84.Final.jar), impacted:
DQ Libraries
CVE-2022-41828 (redshift-jdbc42-2.1.0.3.jar), impacted:
DI components
Studio
SourceClear Premium (No CVE) (commons-codec-1.9.jar), impacted:
DI components
CVE-2022-25168 (hadoop-common-2.6.0-cdh5.4.0), impacted:
BD components
CVE-2019-20444 (netty-codec-http 4.1.13.FINAL and 4.1.16.FINAL), impacted:
BD components
CVE-2019-16942 (jackson-databind-2.10.0), impacted:
BD components
CVE-2017-12629 (lucene-query-parser-6.6.1), impacted:
BD components
CVE-2018-1282 (hive-jdbc-2.1.1), impacted:
BD components
CVE-2020-35491,CVE-2019-16943 (jackson-mapper-asl-1.9.13), impacted:
BD components
CVE-2022-40149 (jettison-1.1.jar), impacted:
DI components
studio
CVE-2022-30126 (org.apache.tika:tika-core:1.28.1), impacted:
DI components
APPINT Components
CVE-2022-37865 (ivy-2.4.0.jar), impacted:
DI components
BD components
DQ Libraries
CVE-2022-45047 (sshd-common-2.8.0.jar), impacted:
DI components
CVE-2022-3171 (protobuf-java-3.19.6.jar), impacted:
BD components
DI components
CVE- (aws-java-sdk-core-1.9.16.jar), impacted:
BD components
CVE- (bctls-jdk15on-1.68.jar, bcprov-jdk15on-1.68.jar), impacted:
BD components
DI components
studio
CVE- (commons-codec-1.11.jar), impacted:
studio
CVE-2022-42920 (bcel-5.2.jar, bcel-6.3.1.jar), impacted:
DQ components
CVE-2022-41704 (batik-bridge-1.15.jar), impacted:
DQ Libraries
CVE-2022-42890 (batik-script-1.15.jar), impacted:
DQ Libraries
CVE-2022-25857 (snakeyaml-1.26.jar), impacted:
studio
CVE-2019-14439 (jackson-databind-2.4.0.jar), impacted:
APPINT Components
CVE-2020-9548 (jackson-databind-2.7.9.jar), impacted:
APPINT Components
CVE- (reload4j-1.2.19.jar), impacted:
APPINT Components
CVE-2022-25857 (snakeyaml-1.26.jar), impacted:
DI components
TSAP-RFC-SERVER
Talend Metadata Bridge
CVE-2022-42889 (org.apache.commons:commons-text:[1.5-1.10.0)), impacted:
studio
DQ libraries
BD components
DQ components
APPINT Components
DI components
CVE-2022-42003, CVE-2022-42004 (jackson-databind-2.13.2.2.jar), impacted:
studio
metadata
DQ libraries
MDM components
APPINT Components
DI components
CVE-2022-3171 (com.google.protobuf:protobuf-java:3.19.2), impacted:
studio
DQ libraries
DQ components
CVE-2022-34169 (xalan:xalan:2.7.2), impacted:
DQ components
CVE-2022-34917 (org.apache.kafka:kafka-clients:3.1.0), impacted:
APPINT Components
CVE-2022-39135 (org.apache.calcite:calcite-core:1.26.0), impacted:
DI components
CVE-2022-41853 (org.hsqldb:hsqldb:2.3.1), impacted:
studio
DI components
SourceClear Premium (No CVE) (ch.qos.reload4j:reload4j < 1.2.22), impacted:
studio
DI components
CVE-2022-24823 (netty-common-4.1.75.final.jar), impacted:
DI components
DQ Libraries
CVE-2022-33980 (commons-configuration2:2.1.1), impacted:
BD components
CVE-2022-25857 (snakeyaml-1.27.jar,snakeyaml-1.30.jar), impacted:
Studio
APPINT Components
CVE-2022-40149 (org.codehaus.jettison:jettison:[1.1 1.4.1]), impacted:
APPINT Components
DQ Libraries
CVE-2022-40155 (xstream-1.4.19.jar), impacted:
DQ Libraries
CVE-2022-38648 (batik-bridge-1.14.jar), impacted:
DQ Libraries
CVE-2022-25914 (jib-core-0.12.jar), impacted:
Studio
CVE-2022-25168 (hadoop-common-3.2.3.jar), impacted:
DI components
CVE-2020-10683 (dom4j-1.1.jar), impacted:
Studio
CVE-2022-31197 (org.postgresql:postgresql:42.2.25), impacted:
metadata
DI components
CVE-2022-2047 (jetty-io.jar), impacted:
DI components
CVE-2022-36364 (avatica-core-1.11.0.jar), impacted:
DI components
CVE-2022-34169 (xalan:xalan:2.7.2), impacted:
DI libraries
CVE-2022-25168 (hadoop-common-3.2.3.jar), impacted:
BD components
DQ libraries
TDM-9448 - Fix CVE in Unflattener editor
TDQ-20610 - org.apache.lucene:lucene-core upgraded to 8.11.2
CVE-2022-31159 (aws-java-sdk.jar), impacted:
DI components
BD components
CVE-2021-35516 (commons-compress-1.20.jar), impacted:
metadata bridge
CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-45105 (tadt-definitions.translator-14.1.8-jar-with-dependencies.jar), impacted:
APPINT API translator
CVE-2022-21724 (postgresql-42.2.25.jar), impacted:
DQ components
CVE-2012-5785 (axis2-1.6.2.jar), impacted:
DQ components
CVE-2019-12415 (poi-ooxml-3.17.jar), impacted:
DQ components
Use update statement without subqueries in tELTOutput
CVE-2022-34169 (xalan:xalan:2.7.2), impacted:
DQ libraries
CVE-2022-31159 (com.amazonaws:aws-java-sdk-s3:1.12.261), impacted:
DQ libraries
CVE-2022-2047 (org.eclipse.jetty:jetty-http:11.0.6), impacted:
DQ libraries
CVE-2022-2191 (org.eclipse.jetty:jetty-io:11.0.6), impacted:
DQ libraries
CVE-2022-33980 (commons-configuration2:2.1.0-2.7.0), impacted:
DI components
MDM components
Studio
SourceClear Premium (No CVE) (maven-core-3.8.3), impacted:
Studio
Build
DQ Components
DQ libraries
CVE-2021-40690 (xmlsec:2.1.2), impacted:
DI components
CVE-2021-22573 (google-oauth-client-1.31.0-1.31.5), impacted:
DI components
CVE-2022-23437 (xercesImpl-2.12.0.jar), impacted:
DI Components
CVE-2021-38986, CVE-2022-22321 (com.ibm.mq.allclient-9.2.4.0.jar), impacted:
DI Components
CVE-2022-26336 (poi-4.1.2-20200903124306modifiedtalend.jar, poi-ooxml-4.1.2-20200903124306modifiedtalend.jar), impacted:
DI Components
CVE-2022-26612 (org.apache.hadoop:hadoop-common:3.2.3), impacted:
BD Components
CVE-2022-29885 (tomcat-embed:9.0.62 jars), impacted:
APPINT Components
PRISMA-2021-0193 (flatpack-4.0.5.jar), impacted:
APPINT Components
CVE-2022-2048 (jetty:9.4.43.v20210629), impacted:
APPINT Components
CVE-2021-29425 (hadoop-core-1.2.1.jar), impacted:
studio
CVE-2018-10054 (com.h2database:h2:2.1.210), impacted:
Studio
None
CVE-2022-29599 (maven-shared-utils:3.2.1), impacted:
Studio
CVE-2021-26291 (maven-artifact-manager-2.0.6.jar, maven-artifact-manager-2.0.9.jar), impacted:
Studio
CVE-2016-2510 (bsh-2.0b4.jar), impacted:
Studio
CVE-2016-3506 (ojdbc6.jar), impacted:
BD components
CVE-2021-30468 (cxf-3.3.x), impacted:
BD Components
CVE-2022-25647 (gson-2.8.1.jar,com.google.code.gson:gson:2.2.4-2.8.5), impacted:
Studio
DI components
BD components
CVE-2021-29425 | CWE-22 (commons-io-2.6.jar), impacted:
Studio bridge
DQ Components
CVE-2021-38153 (kafka-clients-2.0.0.jar, kafka-clients-2.4.1.jar), impacted:
DI components
CVE-2020-15250 (woodstox-core-5.1.0.jar), impacted:
DI components
MDM components
CVE-2022-24823 (netty-common-4.1.74.Final.jar), impacted:
APPINT components
CVE-2022-22970 (spring-core-5.3.19.jar), impacted:
Studio
DQ components
CVE-2020-36518 (jackson-databind:2.11.4), impacted:
MDM Components
CVE-2018-10237 (guava-24.0-jre.jar,guava-25.1-android.jar), impacted:
studio
CVE-2022-21724 (postgresql-42.2.14.jar), impacted:
metadata
DI components
DQ components
CVE-2022-21449 (nimbus-jose-jwt-8.11.jar), impacted:
DI components
DQ Libraries
CVE-2019-16869 (core-io-1.6.2.jar), impacted:
DI components
CVE-2022-25647 (gson-2.8.6.jar), impacted:
DQ Libraries
CVE-2022-24823 (netty-common-4.1.59.Final.jar,netty-all-4.1.59.Final.jar), impacted:
DQ Libraries
CVE-2021-23926 (xmlbeans-2.3.0.jar,xmlbeans-2.6.0.jar), impacted:
studio
CVE-2021-29425 (commons-io-2.6.jar), impacted:
studio
SourceClear Premium (No CVE) (mongo-java-driver-3.12.8.jar), impacted:
DI Components
CVE-2022-22970 (spring-messaging-5.3.19.jar), impacted:
APPINT components
CVE-2021-43859 (xstream-1.4.18.jar), impacted:
DI Components
CVE-2019-12415 (poi-ooxml-4.0.1.jar), impacted:
DI Components
CVE-2021-43797 (netty-codec-http-4.1.68.Final.jar), impacted:
DI Components
CVE-2020-36518 (jackson-databind:2.10.5.1,2.11.4,2.12.0,2.12.1), impacted:
DI Components
Studio
DQ Libraries
CVE-2016-2183 (org.bouncycastle:bcprov-jdk16:1.46), impacted:
Studio
CVE-2022-22968 (org.springframework:spring-context:5.3.18), impacted:
APPINT Components
DQ Components
Studio
CVE-2022-26612 (org.apache.hadoop:hadoop-common:3.2.1), impacted:
DI Components
DQ Libraries
SourceClear Premium (No CVE) (org.ops4j.pax.url:pax-url-aether:2.6.2), impacted:
DI Components
CVE-2021-35517 (commons-compress-1.19.jar), impacted:
metadata bridge
CVE-2021-33813 (jdom2-2.0.6.jar), impacted:
DI Components
CVE-2021-30129 (sshd-core-2.7.0.jar), impacted:
DI Components
CVE-2021-22569 (protobuf-java-2.5.0.jar,protobuf-java-3.4.0.jar), impacted:
DQ Components
Studio
CVE-2019-4055 (com.ibm.mq.allclient-8.0.0.9.jar), impacted:
DI Components
CVE-2020-36518 (jackson-core-2.11.4/2.12.0.jar,jackson-databind-2.11.4/2.12.0.jar), impacted:
Build
APPINT Components
CVE-2021-38153 (kafka-clients-2.8.0.jar), impacted:
APPINT Components
CVE-2021-22096 (spring-core-5.3.8.jar), impacted:
APPINT Components
CVE-2022-23305 CVE-2022-23302 CVE-2021-4104 CVE-2019-17571 (log4j1.x), impacted:
DI Components
DQ Components
BD Components
Studio
CVE-2017-5929 (logback-core-1.0.9.jar,logback-classic-1.0.9.jar), impacted:
DI Components
CVE-2021-30468 (cxf-3.3.x), impacted:
DI Components
Studio
SourceClear Premium (No CVE) (org.ops4j.pax.url.mvn_2.6.2.Talend.jar), impacted:
Studio
CVE-2022-22950 CVE-2022-22965 (spring-core), upgraded to version 5.3.18, impacted:
APPINT Components
DQ Components
BD Components
Studio
CVE-2021-36373 (ant-1.10.9.jar), impacted:
DI Components
CVE-2012-5785 (axis2-kernel-1.8.0.jar), impacted:
DI Components
CVE-2021-22569 (protobuf-java-3.4.0.jar), impacted:
DI Components
CVE-2022-23221 (h2-2.0.206.jar), impacted:
Studio
CVE-2022-23437 (xercesImpl-2.12.0.jar), impacted:
Studio
CVE-2022-23305 (log4j-1.2.17.jar), impacted:
Build, Deploy job
CVE-2021-43859 (xstream-1.4.18.jar), impacted:
APPINT Components
DQ Libraries
Studio
CVE-2021-43797 (netty-codec-4.1.68.Final.jar), impacted:
APPINT Components
CVE-2021-22096 (spring-core-5.1.18.RELEASE.jar), impacted:
Studio
CVE-2020-25638 (maven-shared-utils:[0.4,0.1]), impacted:
Studio
CVE-2021-42392 (com.h2database:h2:1.4.198), impacted:
Studio
CVE-2012-5785 (axis2-kernel-1.7.8.jar), impacted:
metadata bridge
CVE-2012-0881 (xercesImpl:[2.11.0,2.11.0]), impacted:
metadata bridge
None
CVE-2012-0881 (xercesImpl-2.9.1.jar), impacted:
Studio
SourceClear Premium (No CVE) (jackson-mapper-asl-1.9.15-TALEND,jackson-core-asl-1.9.15-TALEND), impacted:
Studio
DI Components
DQ Components
SourceClear Premium (No CVE) (maven-core-3.8.1), impacted:
Studio
Build
DQ Components
CVE-2021-36373 (ant-1.10.9.jar), impacted:
Build, publish docker images
CVE-2015-5237 (protobuf-java-2.5.0.jar), impacted:
DI Components
CVE-2021-37136, CVE-2021-37137 (netty-codec-4.0.33.Final.jar,netty-codec-4.1.65.Final.jar), impacted:
DI Components
Cassandra metadata
CVE-2021-45105 (log4j-core-2.16.0.jar, log4j-1.2-api-2.16.0.jar), impacted:
DI Components
DQ Components
APPINT Components
Studio
CVE-2012-5785 (axis2-kernel-1.8.0.jar), impacted:
Studio
CVE-2021-22144 (elasticsearch-7.3.2.jar), impacted:
Studio
CVE-2021-44228, CVE-2021-45046 (log4j-core-2.13.2.jar, log4j-core-2.14.1.jar), impacted:
DI Components
DQ Components
APPINT Components
Studio
metadata bridge
CVE-2020-28052 (bcprov-jdk15on-1.62.jar), impacted:
Studio
SourceClear Premium (No CVE) (oauth2-oidc-sdk-6.5.jar,adal4j-1.6.5.jar), impacted:
DI Components
Microsoft SQL Server database metadata
SourceClear Premium (No CVE) (commons-codec-1.11), impacted:
Build, publish docker images
CVE-2021-37714 (jsoup-1.11.2.jar), impacted:
DI Components
CVE-2015-5237 (protobuf-java-3.3.0.jar), impacted:
DI Components
CVE-2021-28168 (jersey-common-2.30.jar), impacted:
DI Components
CVE-2021-39239 (jena-core-2.10.0.jar), impacted:
DI Components
DQ Profiling
CWE-327 (bcprov-jdk15on-1.69.jar), impacted:
DI Components
CVE-2021-40690 (xmlsec-2.2.0.jar), impacted:
APPINT Components
CVE-2021-37137 (netty-codec-4.1.50.Final.jar,netty-codec-4.1.59.Final.jar), impacted:
APPINT Components
CVE-2021-20328 (mongodb-driver-core-4.2.3.jar,mongodb-driver-sync-4.2.3.jar,bson-4.2.3.jar,mongo-java-driver-3.12.8.jar), impacted:
DI Components
BD Components
MongoDB metadata
CVE-2021-35517 (commons-compress-1.18.jar), impacted:
metadata bridge