29 Posts getaggt mit "LTS"

Two vulnerabilities CVE-2026-24734 and CVE-2025-66614 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.15 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

(since 2024.2.14)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.15

Two vulnerabilities CVE-2026-24734 and CVE-2025-66614 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2025.2.3 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Bugfixes​

• Fix: Suggested admin mapping (import-dialog) is now correctly displayed on Date, Filename, DateTime, Rownumber columns
• Fix: Missing English translations for Qs-Mail-Task-Form

(since 2025.2.2)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:e70a0ebe090ebaec02160451d975bde46c99c743406366494eedfd115e6c318c WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.3/dmc.war (sha256: bfd86054cd14e7c2674de88d4231ee31cf97931c5648a08b421d88ac0e41a04e)

A patched version of the Jackson libraries is included in the upcoming INFOMOTION Data Management Center (DMC) release 2025.2. The DMC package ships with Jackson components that are used across all deployment options. We are now releasing Data Management Center 2025.2.2 with updated Jackson dependencies to address the security vulnerability CVE-2026-29062, which affected the bundled versions of jackson-databind and jackson-core.

(since 2025.2.1)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:a79361d65d07d2ef3c7159e7e20c7a2bd267ceafe11a779d9b51c81b09e7224a WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.2/dmc.war (sha256: 5f7b4c446309b1d428114a918ab312f9c236914ebc538741a710341b7f4ad2b1)

Bugfixes​

• Fixed a potential ConcurrentModificationException when QS rules were executed in parallel.

(since 2024.2.13)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.14

Bugfixes​

• Fixed a potential ConcurrentModificationException when QS rules were executed in parallel.
• Fixed an issue where permission caches were not initialized during application startup.
• Prevented duplicate table selections in the Admin Command and Admin QS views while filtering.
• Fixed incorrect sortId values for tables after category changes.

Improvements​

• Added validation to prevent duplicate column names and titles when creating or updating columns.

(since 2025.2.0)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:3dd4bdf43285aa981e7c387907caf4cc1468f393a37f6f693f6d193eb9812e3c

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.1/dmc.war (sha256: 842f632578726d6d91a56402351a5650531cbb0e708199e63e712d1f2e5c530b)

Features​

• Add Postgres DB support
• Add support for synchronizing column and table deletions in Snowflake.

Bugfixes​

• Fix: incorrect error handling when importing metadata packages with inconsistencies
• Fix: Don't create Deployment Set during import package validation
• Fix: Exporting Application could cause IndexOutOfBounds-Exception
• Fix: Allow editing when domain values are invalid by showing outdated entries...
• Fix: Deleting a category did not trigger UI refresh

Improvements​

• Users can now save changes directly in multi-edit mode without navigating...
• Restrict TablePermController Endpoints to users with GRANT Permission
• Improved performance of Create-Table-Process

(since 2025.1.5)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:c1d02d17db47aa1d394b7710bd644e52a110e400d9b46571538ee56015066d1e

WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.0/dmc.war (sha256: c02f4fd250d8ce3133ab3f7eff3c9ff32a7aacb949ace5b1bd0fd14ea0a68c49)

With the release of DMC version 2025.2 with long-term-support (LTS), the previous LTS version 2024.2 is reaching it's end of life.

We will continue to offer security patches until 15.03.2026 to give customers time to upgrade to the new 2025.2 LTS release.

Two vulnerabilities CVE-2025-55752 and CVE-2025-55754 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.13 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

(since 2024.2.12)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.13

A version of the Microsoft JDBC Driver for SQL Server is included in the INFOMOTION Data Management Center package and used across all deployment options. We are now releasing an updated version 2024.2.12 of Data Management Center that includes a patched version of the Microsoft JDBC Driver for SQL Server to address CVE-2025-59250.

Bugfixes​

• Fix: Table-UI (List of tables) did not update when a table was deleted

(since 2024.2.11)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.12

CVE-2025-41242​

A vulnerability in the Spring Framework CVE-2025-41249 has been reported. The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.

Based on our analysis and existing automated tests of authorization procedures, we do not believe Data Management Center to be impacted by the vulnerability.

Nonetheless, we are now releasing an updated version 2024.2.11 of Data Management Center that includes a patched version of the Spring Framework.

Dependency Upgrades​

• Upgrade Spring Boot from 6.2.10 to 6.2.11.

Features​

• Added ENV Parameter DMC_TRIM_ALL_NON_PKS to trim all non-primary-key fields.

Bugfixes​

• Ensured proper rollback of caches when DeploymentSet import fails due to exceptions.
• Fixed incorrect validation in Trigger Form.
• Fixed incorrect validation in Task Form.
• Fixed translation error in Table-View.
• Resolved error in Admin-Task-View caused by invalid commands missing a tableId. Added a tooltip to indicate when a command is invalid and will not be scheduled.
• Improved error message for Objects not found: COMMAND #-2147483648 when deleting a command referenced by a task.
• Editing is now possible when domain values are invalid; outdated entries (not part of the list of values) are shown with a warning.
• Fixed issue where entries could not be deleted if a primary key field was set to null.
• Scheduled commands that fail due to a missing command are now automatically unscheduled.

(since 2024.2.10)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.11

CVE-2025-48989​

A vulnerability CVE-2025-48989 has been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.10 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

CVE-2025-41242​

A vulnerability CVE-2025-41242 has been disclosed, affecting certain Spring Framework MVC applications in non-compliant servlet environments.

The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.
We are now releasing an updated version 2024.2.10 of Data Management Center that includes a patched version of Spring Framework.

Please note:

• Deployments of DMC using the embedded Tomcat servlet container are not affected by this vulnerability, since Tomcat properly rejects malicious path sequences.
• Nevertheless, we include the patched Spring Framework in this release to ensure ongoing security and compatibility.
• If DMC is deployed within a custom servlet container, that environment should be checked and updated accordingly.

Dependency Upgrades​

• Upgrade Tomcat from 10.1.43 to 10.1.44 to avoid potential issues with CVE-2025-48989.
• Upgrade Spring Boot from 6.2.8 to 6.2.10 to avoid potential issues with CVE-2025-41242

Bugfixes​

• Fixed an issue where List-of-Values without a filterColumn failed with cryptic errors.
• Fixed an issue where the checkmark on the update view is shows the incorrect state.
• Fixed an issue where QS rules were not revalidated when the table changes, which resulted in invalid SQLs.
• Fixed an issue where commands configured with QA CHECK BEFORE EXECUTION and Abort on error failed with a INTERNAL_SERVER_ERROR if no QA rules were defined.
• Fixed a header configuration error within table/{tableId}/data/delete.
• Prevented use of SQL keywords in columnName or title during Create-Table-Process.
• Fixed cryptic errors in the TablePerm workflow.
• Fixed a deserialization error for table permissions during the create process.
• Fixed an issue where the view did not update after importing a Deployment Set.
• Fixed an issue where attempting to rename a column during deployment-import lead to cryptic error message

Improvements​

• Enhanced Field descriptions within Input-Data fields.

(since 2024.2.9)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.10

Two separate vulnerabilities CVE-2025-53506 and CVE-2025-52520 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.9 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Dependecy Upgrades​

• Upgrade to Spring Boot 3.4.8 including embedded Tomcat 10.1.43 to avoid potential issues with CVE-2025-53506 and CVE-2025-52520

(since 2024.2.8)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.9

A vulnerability CVE-2025-48988 has been disclosed, affecting the Tomcat Web Application Server:
"DoS in multipart upload"

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.8 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that Tomcat installation should be patched as well.

Dependency Upgrades​

• Upgrade to Spring Boot 3.4.7 including embedded Tomcat 10.1.42 to avoid potential issues with CVE-2025-48988

(since 2024.2.7)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.8

The Spring project has published a Security Advisory concerning Spring Framework, an open-source library used by INFOMOTION Data Management Center.

Based on our analysis and the available information, the relevant vulnerability CVE-2025-41234 does not affect INFOMOTION Data Management Center since our application does not prepare headers using org.springframework.http.ContentDisposition.

Nonetheless, we are publishing a Patch Release of Data Management Center with an updated & fixed version of Spring Framework.

Dependency Upgrades​

• Upgrade to Spring Framework from 6.2.5 to 6.2.8 to avoid potential issues with CVE-2025-41234

(since 2024.2.6)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.7

Bugfixes​

• Properly load previously defined triggers on application startup
• Execute scheduled tasks as system user to avoid permissions errors
• Fix behaviour for very-high-precision numbers on MSSQL

(since 2024.2.5)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.6

Two separate vulnerabilities CVE-2025-31650 and CVE-2025-31651 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.5 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Dependecy Upgrades​

• Upgrade to Spring Boot 3.4.5 including embedded Tomcat 10.1.40 to avoid potential issues with CVE-2025-31650 and CVE-2025-31651

(since 2024.2.4)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.5

Bugfixes​

• Upgrade to Spring Boot 3.4.4 including embedded Tomcat 10.1.39 to avoid potential issues with CVE-2025-24813

(since 2024.2.3)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.4

Bugfixes​

• Allow users to choose .xlsm files for upload

• Use base image containing shell & mkdir for DMC container build

(since 2024.2.2)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.3

Bugfixes​

• Properly report all columns if multiple required columns are missing

(since 2024.2.1)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.2

Bugfixes​

• Avoid error message when uploading files with duplicate (case-insensitive) column name
• Fix error when displaying all QS violations with QS rules containing placeholders
• Container Image only: Update included Java Runtime Environment (JRE) to 17.0.14 fixing CVE-2025-21502

(since 2024.2.0)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.1