Improvements have been made to clarify the presentation of vulnerability scan summary counts in the MSR web UI, for Critical, High, Medium, and Low in both the Vulnerabilities column and in the View Details view.
Although ENGDTR-3008 was reported as a known issue for MSR 2.9.6, the reported counts were at all times reliable and factually correct.
Fixed an issue in the MSR web UI wherein an input was missing from the team LDAP sync form that prevented users from submitting the form (ENGDTR-3089, FIELD-4587).
Upgraded Cyrus SASL to version 2.1.28-r0 in Alpine 3.15.2 to resolve CVE-2022-24407.
Resolved the following Golang runtime vulnerabilities:
CVE-2021-38297, CVE-2019-14809, CVE-2022-23806, CVE-2019-6486, CVE-2022-24921, CVE-2022-23773, CVE-2022-23772, CVE-2021-44716, CVE-2021-41772, CVE-2021-41771, CVE-2021-39293, CVE-2021-33198, CVE-2021-33196, CVE-2021-33194, CVE-2021-27918, and CVE-2021-33195.
Resolved the following libxml2 vulnerabilities:
Vulnerability scans may reveal the following CVEs, though they have no impact on MSR:
CVE-2019-15562, CVE-2019-3466, CVE-2022-0778, CVE-2021-22570, CVE-2022-26488, CVE-2021-4160, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21299, CVE-2022-21296, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21282, CVE-2022-21271, CVE-2022-21248, CVE-2019-11888, CVE-2017-15041, CVE-2018-7187, CVE-2018-16874, CVE-2018-16873, CVE-2019-9634, CVE-2018-6574, CVE-2022-23648, CVE-2021-36690, CVE-2021-29923, CVE-2021-3115, CVE-2020-28367, CVE-2020-28366, CVE-2020-28362, CVE-2020-16845, CVE-2019-16276, and CVE-2018-16875.