Security Improvements
This section lists changes made to improve Sinch Contact Pro security.
Log4j-core is no longer used in Sinch Contact Pro.
The module ECFFrontEndServer has been updated to Apache Tomcat Native to the version 1.2.32 stable.
Java-based open source libraries have been updated:
- bcpkix-jdk15on 1.69 → 1.70
- commons-compress 1.21→ 1.22
- commons-lang3 3.11 → 3.12.0
- cors.filter 2.9.1 → 2.10
- jmh 1.33 →1.34
- log4j-api 2.16.0 → 2.17.1
- snakeyaml.version 1.30 →1.33
- xercesImpl 2.12.1 → 2.12.2
- jna 5.11.0 → 5.12.1
- org.apache.poi 5.2.2 → 5.2.3
- nimbus-jose-jwt 9.24.2 → 9.25.6
- json 20220320 → 20220924
- redisson 3.17.5 → 3.18.0
- guava 31.0.1-jre → 31.1-jre
- logback-classic 1.2.10 → 1.2.11
- log4j 2.18.0 → 2.19.0
- jackson 2.13.3 → 2.14.0
- tomcat 8.5.82 → 8.5.83
- com.sun.xml.ws 2.3.3 → 2.3.5
- xmlsec 3.0.0 → 3.0.1
- woodstox-core 6.3.1 → 6.4.0
- jersey 2.36 → 2.37
- spring-aop 5.3.22 → 5.3.23
- hibernate-validator 6.2.2.Final → 6.2.4.Final
- Tomcat native DLL 1.2.33 → 1.2.35