22.5.0
OpenSSL upgraded to v3.0.7 on Core 22.5.0 VEN
The openssl package has been upgraded to v3.0.7 in order to address CVE-2022-3786 and CVE-2022-3602. For additional information on the affected versions of the VEN, review the Security Advisory here.
devise-two-factor upgraded to v4.0.2
The devise-two-factor gem has been upgraded to v4.0.2 in order to address CVE-2021-43177.
jquery-rails upgraded to v4.5.0
The jquery-rails gem has been upgraded to v4.5.0 in order to address CVE-2020-11023.
rails-html-sanitizer upgraded to v1.4.3
The rails-html-sanitizer gem has been upgraded to v1.4.3 in order to address CVE-2022-32209.
yajl-ruby upgraded to v1.4.3
The yajl-ruby package has been upgraded to v1.4.3 in order to address CVE-2022-24795.
consul upgraded to v1.13.2
The consul package has been upgraded to v1.13.2 in order to address CVE-2022-29153, CVE-2022-24687, CVE-2021-41805, CVE-2021-38698, and CVE-2021-37219.
PostgreSQL upgraded to v13.8
The postgresql package has been upgraded to v13.8 in order to address CVE-2022-2625.
zlib upgraded to v1.2.12
The zlib package has been upgraded to v1.2.12 in order to address CVE-2018-25032.
netaddr upgraded to v1.5.3
The netaddr gem has been upgraded to v1.5.3 in order to address CVE-2019-17383.
Misconfigured PCE could lead to sensitive information being disclosed within log files
If the PCE was misconfigured, such as when pce_fqdn was unreachable and/or resolving to the wrong IP address, passwords could be written to logs in plaintext. This issue is resolved.