2.8.12¶
(2022-04-18)
What’s new¶
Improvements have been made to clarify the presentation of vulnerability scan summary counts in the MSR web UI, for Critical, High, Medium, and Low in both the Vulnerabilities column and in the View Details view.
Note
Although ENGDTR-3008 was reported as a known issue for MSR 2.8.11, the reported counts were at all times reliable and factually correct.
(ENGDTR-3008)
Security¶
Upgraded Cyrus SASL to version 2.1.28-r0 in Alpine 3.15.2 to resolve CVE-2022-24407.
Resolved the following golang runtime vulnerabilities:
CVE-2021-38297, CVE-2019-14809, CVE-2019-11888, CVE-2017-15041, CVE-2022-23806, CVE-2022-24921, CVE-2022-23773, CVE-2022-23772, CVE-2021-44716, CVE-2021-41772, CVE-2021-41771, CVE-2021-39293, CVE-2021-33198, CVE-2021-33196, CVE-2021-33194, CVE-2021-27918, CVE-2021-3115, CVE-2020-28367, CVE-2020-28366, CVE-2020-28362, CVE-2020-16845, and CVE-2021-33195.
Vulnerability scans may reveal the following CVEs, though there is no impact on MSR:
CVE-2019-15562, CVE-2022-2364, CVE-2022-0778, CVE-2019-16884, CVE-2018-7187, CVE-2019-6486, CVE-2018-16874, CVE-2018-16873, CVE-2022-25365, CVE-2021-3162, CVE-2019-9634, CVE-2019-3466, CVE-2018-6574, CVE-2021-36690, CVE-2021-29923, CVE-2019-16276, and CVE-2018-16875,