2.8.11¶
(2022-02-10)
What’s new¶
A Synopsys scanner update, to release 2021.12.0.
With the 2021.12.0 release, Synopsys scanner can now self-scan all MSR components and run other test cases without any regressions.
(ENGDTR-2816)
Bug fixes¶
Fixed an issue wherein, on logout from the MSR web UI, users sometimes received the warning:
Sorry, we don't recognize this path
(FIELD-4339).Fixed an issue in the MSR web UI wherein if a user who wants to change their password entered an incorrect password into the Current password field and clicked Save, the screen would go blank (ENGDTR-2785).
Security¶
Resolved the following OpenSSL vulnerability: CVE-2021-3712
Resolved the following django vulnerability: CVE-2021-44420
Resolved the following libexpat vulnerabilities: CVE-2022-23990 CVE-2022-23852
Resolved the following golang runtime vulnerabilities: CVE-2021-38297 CVE-2021-44716 CVE-2021-41772 CVE-2021-41771 CVE-2021-39293 CVE-2021-33198 CVE-2021-33196 CVE-2021-33195 CVE-2021-34558 CVE-2021-33197
Resolved the following postgresql vulnerabilities: CVE-2021-32027 CVE-2021-32029 CVE-2021-32028.
Vulnerability scans may reveal the following CVEs, though there is no impact on MSR:
CVE-2022-23990, CVE-2022-23852, CVE-2021-38297, CVE-2021-3711, CVE-2019-14809, CVE-2019-11888, CVE-2017-15041, CVE-2021-32027, CVE-2018-7187, CVE-2021-30465, CVE-2019-6486, CVE-2018-16874, CVE-2018-16873, CVE-2021-3162, CVE-2019-9634, CVE-2018-6574, CVE-2021-44716, CVE-2021-41772, CVE-2021-41771, CVE-2021-39293, CVE-2021-33198, CVE-2021-33196, CVE-2021-33194, CVE-2021-29923, CVE-2021-27918, CVE-2021-3115, CVE-2020-28367, CVE-2020-28366, CVE-2020-28362, CVE-2020-26160, CVE-2020-16845, CVE-2019-16884, CVE-2019-16276, CVE-2018-16875, CVE-2021-21284, CVE-2021-36976, CVE-2021-3114, CVE-2020-24553, CVE-2021-31525, CVE-2020-15586, CVE-2017-15042, CVE-2017-8932, CVE-2021-3572, CVE-2020-29510, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21248, CVE-2021-43784, CVE-2020-14039, CVE-2020-27534.
Known issue¶
Vulnerability scan miscalculation in MSR web UI
The summary counts that MSR displays for Critical, High, Medium, and Low in both the Vulnerabilities column and in the View Details view are unreliable and may be incorrect when displaying non-zero values. The Components tab displays correct values for each component.
Workaround:
Navigate to the Components tab, review the individual non-green components, and separately calculate the total of the numbers that present as Critical, High, Medium, and Low.
(ENGDTR-3008)