Security Vulnerability CVE-2021-28170 in CUBA Platform 7.2.19

Hi Everyone,

We have developed our application using the CUBA platform 7.2.19.
During the Snyk scan we have observed a high severity vulnerability in our application: Improper Input Validation in org.glassfish:javax.el | CVE-2021-28170 | Snyk
As per the suggested fix, it is recommended to upgrade to the latest package in org.glassfish:jakarta.el, as the artifact org.glassfish:javax.el was moved to org.glassfish:jakarta.el.
Do we have any updated CUBA platform release with this fix?
Could you please help us in resolving this vulnerability?

Thanks in advance for the support.

As far as I understand, this vulnerability can hardly affect you because the javax.el library is used in CUBA only for bean validation messages. The message templates are hardcoded in your application and not provided by users.

Anyway, we’ll try to update this dependency in the next CUBA patch.
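One way to check in your own code base the point made in the answer above, that message templates are hardcoded: annotation `message` attributes are compile-time constants in Java, so the usual place a runtime value can enter a template is a call to `ConstraintValidatorContext.buildConstraintViolationWithTemplate`. The script below is an added example, not part of the original posts and not CUBA code. It is a text heuristic that ignores comments and char literals, and the Java in `SAMPLE` is constructed for illustration.

```python
import re

CALL = re.compile(r'buildConstraintViolationWithTemplate\s*\(')
# Exactly one Java string literal, optionally surrounded by whitespace.
LITERAL = re.compile(r'\s*"(?:[^"\\]|\\.)*"\s*')

def call_argument(src, start):
    """Return the text from `start` up to the parenthesis that closes the call."""
    depth, i, in_str = 1, start, False
    while i < len(src):
        c = src[i]
        if in_str:
            if c == '\\':
                i += 1            # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == '(':
            depth += 1
        elif c == ')':
            depth -= 1
            if depth == 0:
                return src[start:i]
        i += 1
    return src[start:]

def find_dynamic_templates(src):
    """Return (line, argument) for calls whose template is not a single literal."""
    findings = []
    for m in CALL.finditer(src):
        arg = call_argument(src, m.end())
        if not LITERAL.fullmatch(arg):
            findings.append((src.count('\n', 0, m.start()) + 1, arg.strip()))
    return findings

# Constructed sample: one hardcoded template and two built from a runtime value.
SAMPLE = '''
public boolean isValid(String value, ConstraintValidatorContext ctx) {
    ctx.disableDefaultConstraintViolation();
    ctx.buildConstraintViolationWithTemplate("{com.example.code.invalid}")
       .addConstraintViolation();
    ctx.buildConstraintViolationWithTemplate("Invalid code: " + value)
       .addConstraintViolation();
    ctx.buildConstraintViolationWithTemplate(String.format("Bad (%s)", value))
       .addConstraintViolation();
    return false;
}
'''

if __name__ == "__main__":
    for line, arg in find_dynamic_templates(SAMPLE):
        print(f"line {line}: template is not a plain literal: {arg}")
```

A flagged call is a candidate for manual review, not a confirmed problem: a template passed as a `static final String` constant is also reported even though it is hardcoded.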

Thanks Konstantin.