Rapid7 is reporting a vulnerability in the MySQL Connector (MySQL Connector/J) that is present in the NetXMS\lib\java\mysql-connector-java-8.0.28.jar file. I installed NetXMS 4.2 and discovered that the 4.2 release still contains the 8.0.28 version of the MySQL components. Can the MySQL Connector components be updated to v8.0.31 so that this vulnerability can be remediated? Oracle MySQL Risk Matrix (https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixMSQL) for reference.
Thank you
Just updated dependencies in development branch, next patch release will include 8.0.31. But this connector is only used by reporting server when your database is MySQL, so if you are not on MySQL or not using reporting server you are safe anyway.
Best regards,
Victor
Victor, this has been resolved. Thank you!