Want to upgrade teiid dependency spring framwork to latest 5.0.2 due to vulnerabilities

raja.narendra Apr 26, 2018 8:25 AM

We are using teiid 9.0.1 as part of out product. due to some security vulnerabilities with dependent spring framework, we upgraded to nearest spring framework upgrade(3.2.16).

Again, there are new vulnerabilities in spring 3.2.16 Release. we want to upgrade spring framework to 5.0.2.

spring modules we are planning to upgrade are spring-aop and spring-core.

Please suggest do we expect any side effects with these upgrades.

1. Re: Want to upgrade teiid dependency spring framwork to latest 5.0.2 due to vulnerabilities

rareddy Apr 26, 2018 9:04 AM (in response to raja.narendra)

We have no idea, that is for you to figure out what components of Spring you used in YOUR application and how that effects it. Teiid only uses Spring in couple resource-adapter configuration optionally.
Actions
2. Re: Want to upgrade teiid dependency spring framwork to latest 5.0.2 due to vulnerabilities

raja.narendra Apr 26, 2018 10:37 AM (in response to raja.narendra)

we want to upgrade spring framework jar associated with teiid-engine. You mean to say teiid-engine, api, admin, connectors don't have any dependency on spring framework. spring framework libraries download by default when we build component related to teiid.
Actions
3. Re: Want to upgrade teiid dependency spring framwork to latest 5.0.2 due to vulnerabilities

rareddy Apr 26, 2018 10:42 AM (in response to raja.narendra)

Are you using Embedded Teiid? If yes, then there are no dependencies from teiid-engine, api, admin. Only "salesforce" and "ws" connectors have an optional dependency for configuration purpose.
Actions
4. Re: Want to upgrade teiid dependency spring framwork to latest 5.0.2 due to vulnerabilities

raja.narendra Apr 27, 2018 12:41 AM (in response to raja.narendra)

Yes, We are using Embedded Teiid.
This answers my concerns.Thanks for the help.
Actions

Go to original post