Vulnerability Found in Spring Version Used in Pentaho CE Version 9.4


    Posted 12-20-2023 03:50

    Dear Members,

    We are using Pentaho CE Version 9.4. We found that this version of Pentaho is using a lower version of Spring, which has quite a few critical vulnerabilities. We have scanned the machine / image with the Snyk tool.

    Since these JAR files are internal to Pentaho as a product, we are not sure how to tackle them from an upgrade point of view.

    There are a couple of things I need help with.

    1. Should we upgrade their version on our own? Would it impact the overall product?
    2. Should we downgrade our version to 9.3 since it contains patches? Does version 9.3 cover the fix for the Spring vulnerabilities?
    3. What is the plan to fix these critical Vulnerabilities in version 9.4?

    Hoping for answers to guide me in the right direction.

    Thanks, Niraj Salot.



    ------------------------------
    Niraj Salot
    Others
    Scan-IT
    ------------------------------