uniCenta oPOS Release 5.3.1

The main objective of this release is to remediate the 24 critical security vulnerabilities that we discovered when running Trivy and Snyk vulnerability scans. We've also included the output from the scans to show the issues resolved. On top of the security updates, we've also managed to make some improvements and bug fixes.

Release notes - unicenta-opos - 5.3.1

Improvement

UOCL-265 Spanish Translation

Story

UOCL-277 Security Fix xmlgraphics library

UOCL-278 Security Fix jasperreports library

UOCL-279 Security Fix postgresql library

UOCL-280 Security Fix Apache Derby library

UOCL-281 Critical Security Fix com.thoughtworks.xstream:xstream library

UOCL-282 Critical Security Spring Framework library

Bug

UOCL-246 Reprinting the last receipt not working correctly

UOCL-274 top 10 sales report not working

UOCL-283 ZATCA QR-code not printing

 

Trivy output

pom
| Package | Vulnerability ID | Severity | Installed Version | Fixed Version |
| --- | --- | --- | --- | --- |
| axis:axis | CVE-2023-40743 | CRITICAL | 1.4 | |
| com.fasterxml.jackson.core:jackson-databind | CVE-2017-15095 | CRITICAL | 2.1.4 | 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2017-17485 | CRITICAL | 2.1.4 | 2.9.4, 2.8.11, 2.7.9.2 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2017-7525 | CRITICAL | 2.1.4 | 2.6.7.1, 2.7.9.1, 2.8.9 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-11307 | CRITICAL | 2.1.4 | 2.7.9.4, 2.8.11.2, 2.9.6 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-14718 | CRITICAL | 2.1.4 | 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-14719 | CRITICAL | 2.1.4 | 2.9.7, 2.8.11.3, 2.7.9.5 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-19362 | CRITICAL | 2.1.4 | 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2018-7489 | CRITICAL | 2.1.4 | 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-14379 | CRITICAL | 2.1.4 | 2.9.9.2, 2.8.11.4, 2.7.9.6 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-14540 | CRITICAL | 2.1.4 | 2.9.10, 2.8.11.5, 2.6.7.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16335 | CRITICAL | 2.1.4 | 2.9.10, 2.8.11.5, 2.6.7.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16942 | CRITICAL | 2.1.4 | 2.9.10.1, 2.8.11.5, 2.6.7.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-16943 | CRITICAL | 2.1.4 | 2.9.10.1, 2.8.11.5, 2.6.7.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-17267 | CRITICAL | 2.1.4 | 2.9.10, 2.8.11.5 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-17531 | CRITICAL | 2.1.4 | 2.9.10.1, 2.8.11.5, 2.6.7.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-20330 | CRITICAL | 2.1.4 | 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2020-8840 | CRITICAL | 2.1.4 | 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2020-9547 | CRITICAL | 2.1.4 | 2.9.10.4, 2.8.11.6, 2.7.9.7 |
| com.fasterxml.jackson.core:jackson-databind | CVE-2020-9548 | CRITICAL | 2.1.4 | 2.9.10.4, 2.8.11.6, 2.7.9.7 |
| com.thoughtworks.xstream:xstream | CVE-2019-10173 | CRITICAL | 1.4.9 | 1.4.11 |
| org.apache.derby:derby | CVE-2022-46337 | CRITICAL | 10.14.2.0 | 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0 |
| org.postgresql:postgresql | CVE-2024-1597 | CRITICAL | 9.4.1208 | 42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
| org.springframework:spring-beans | CVE-2022-22965 | CRITICAL | 5.1.10.RELEASE | 5.2.20.RELEASE, 5.3.18 |

No Misconfigurations found