https://community.qlik.com/t5/Qlik-Replicate/ECRScan-on-Replicate-product/m-p/2502878#M13573 <P>This is an interesting post. I am following.</P> Fri, 24 Jan 2025 15:43:19 GMT diegozecchini 2025-01-24T15:43:19Z https://community.qlik.com/t5/Qlik-Replicate/ECRScan-on-Replicate-product/m-p/2502844#M13571 <P>Hello,</P> <P>We are using Amazon ECRScan to find security vulnerabilities on our system, we have discovered 7 CVE (CVE-2023-2976&nbsp;CVE-2023-3635&nbsp;CVE-2024-7254&nbsp;CVE-2024-8184&nbsp;CVE-2024-6763&nbsp;CVE-2020-29582&nbsp;CVE-2020-8908&nbsp;CVE-2024-47535) inside Qlik Replicate product, the effected libraries are the following:<BR /><BR />opt/attunity/replicate/java/arep-google-cloud.jar<BR />opt/attunity/replicate/java/java_file_factory.jar<BR />opt/attunity/replicate/endpoint_srv/externals/jetty-server-11.0.18.jar<BR />opt/attunity/replicate/endpoint_srv/externals/kotlin-stdlib-1.6.0.jar<BR />opt/attunity/replicate/java/arep-event-hubs.jar</P> <DIV class="macie-one-column-view-container"> <DIV class="awsui_root_18wu0_1qbfe_99 awsui_box_18wu0_1qbfe_219 awsui_color-default_18wu0_1qbfe_219 awsui_font-size-default_18wu0_1qbfe_235 awsui_font-weight-default_18wu0_1qbfe_275"> <DIV class="macie-one-column-header detail-panel-one-column-child">Replicate version is November 2024, my questions/doubts are the following:&nbsp;</DIV> <DIV class="macie-one-column-header detail-panel-one-column-child">- Is it safe to assume that "arep-google-cloud.jar" is used <U>exclusively</U>&nbsp;for enpoint using <STRONG>Google Cloud</STRONG> as target/source and since we don't have those we can ignore the vulnerability/upgrade the library?</DIV> <DIV class="macie-one-column-header detail-panel-one-column-child">- Is it safe to assume that "java_file_factory.jar" is used <U>exclusively</U>&nbsp;for enpoint using <STRONG>File</STRONG> as target/source and since we don't have those we can ignore the vulnerability/upgrade the library?</DIV> <DIV class="macie-one-column-header detail-panel-one-column-child">&nbsp;</DIV> <DIV class="macie-one-column-header detail-panel-one-column-child">Do you have any insight on what the other 3 libraries are used for? (opt/attunity/replicate/endpoint_srv/externals/jetty-server-11.0.18.jar, opt/attunity/replicate/endpoint_srv/externals/kotlin-stdlib-1.6.0.jar, opt/attunity/replicate/java/arep-event-hubs.jar)</DIV> </DIV> </DIV> <P>&nbsp;</P> <P>Thanks for you help</P> <P>Kind Regards</P> <P>Gianluca</P> <P>&nbsp;</P> Fri, 24 Jan 2025 13:51:00 GMT https://community.qlik.com/t5/Qlik-Replicate/ECRScan-on-Replicate-product/m-p/2502844#M13571 gianlucasaturno 2025-01-24T13:51:00Z https://community.qlik.com/t5/Qlik-Replicate/ECRScan-on-Replicate-product/m-p/2502878#M13573 <P>This is an interesting post. I am following.</P> Fri, 24 Jan 2025 15:43:19 GMT https://community.qlik.com/t5/Qlik-Replicate/ECRScan-on-Replicate-product/m-p/2502878#M13573 diegozecchini 2025-01-24T15:43:19Z https://community.qlik.com/t5/Qlik-Replicate/ECRScan-on-Replicate-product/m-p/2502929#M13575 <P>Hello&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/309928">@gianlucasaturno</a>&nbsp;,</P> <P>Thanks for reaching out to Qlik Community!</P> <P>We need CF/R&amp;D help to confirm it. Please open a support ticket ,Our support team will be more than happy to assist you.</P> <P>Regards,</P> <P>John.</P> Sun, 26 Jan 2025 03:16:59 GMT https://community.qlik.com/t5/Qlik-Replicate/ECRScan-on-Replicate-product/m-p/2502929#M13575 john_wang 2025-01-26T03:16:59Z