Resolved Security Issues in 23.2.30-PCE
Upgraded cURL to v8.7.1 to address multiple CVEs
json-jwt 1.13.0.gem upgraded to json-jwt-1.16.6 (E-114939)
json-jwt-1.13.0.gem upgraded to json-jwt1.16.6 to address CVE-2023-51774. This CVE did not impact Illumio PCE.
Upgrade rails-6.1.7.4.gem to 6.1.7.7, 7.0.8.1 or higher to address CVE-2024-26144 (E-114138)
Starting with Rails version 5.2.0, there was a possible sensitive session information leak in Active Storage. This vulnerability was fixed in Rails releases 7.0.8.1 and 6.1.7.7. and this issue will not be addressed.
Upgrade PostgreSQL to address CVE-2023-5869 and CVE-2023-5868 (E-111556)
PostgreSQL was upgraded to mitigate exposure to two CVEs: CVE-2023-5868 and CVE-2023-5869. As the PCE uses PostgreSQL internally and does not offer external user acces, the likelihood of this exploit is low without additional access privileges.