From Ellucian
“This is related to spring-security-web. We are moving to spring-security-web-5.6.9.jar CVE-2022-31692 – spring-security-web-5.6.2.jar Fix – spring-security-web-5.6.2.jar upgraded to spring-security-web-5.6.9.jar This is being addressed in December 1st 2022 releases”
- Our original goal was to have the December 1 release for 8x be a patch rather than a minor upgrade. Unfortunately, due to some issues during our packaging process, we’ve had to make this a minor upgrade. The release number now is 8.43.2 and 8.43.2 will be dependent on 8.43.1 being installed.
- Due changes to improve product quality, upgrade to current releases of third-party software, improve stability, and maintain security standards, our December 1 release will now require Banner General 8.14.4 and Banner Admin Common 9.3.29.2 patch releases which are also being released on December 1.
We realize this is new information and are posting now to prepare you for these new dependencies.
Dependencies for BA FIN AID 8.43.2 and IM Need Analysis 8.43.0.1
- Banner Financial Aid 8.43.1
- Banner General 8.14.4
- Banner Student 8.20.3
- Banner Account Receivable 8.5.4, 8.5.4.1 and 8.5.4.2
Dependencies for BA FIN AID 9.3.32.1
- Banner Admin Common 9.3.29.2
- Banner Financial Aid 8.43.2
- Banner General 8.14.4