Dec 14, 2020 7:01 pm EST
Categorized: High Severity
Share this post:
Versions of IBP images javaenv and dind before 2.5.1 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode.
Affected product(s) and affected version(s):
|IBM Blockchain Platform (Software/on-prem)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6381832