Oracle MySQL Patch Update Advisory

rdarmstrong007 · November 16, 2022, 03:59:28 PM

Rapid7 is reporting a vulnerability in the MySQL Connector (MySQL Connector/J) that is present in the NetXMS\lib\java\mysql-connector-java-8.0.28.jar file. I installed NetXMS 4.2 and discovered that the 4.2 release still contains the 8.0.28 version of the MySQL components. Can the MySQL Connector components be updated to v8.0.31 so that this vulnerability can be remediated? Oracle MySQL Risk Matrix for reference.

Thank you

Victor Kirhenshtein · November 21, 2022, 11:35:14 AM

Just updated dependencies in development branch, next patch release will include 8.0.31. But this connector is only used by reporting server when your database is MySQL, so if you are not on MySQL or not using reporting server you are safe anyway.

Best regards,
Victor

rdarmstrong007 · December 15, 2022, 09:08:00 PM

Victor, this has been resolved. Thank you!

NetXMS Support Forum

News:

Oracle MySQL Patch Update Advisory

rdarmstrong007

Victor Kirhenshtein

rdarmstrong007