Vulnerabilities reported in Semaphore Products

  • Last Updated: May 29, 2026

The Semaphore products are scanned for vulnerabilities every night, and Critical and High vulnerabilities are assessed each morning. Generally, Critical and High vulnerabilities are dealt with immediately, with new Semaphore releases where required. However, some vulnerabilities are deemed false positives and so might still show up in your scans. These are listed below.

| CVE number | Description | Planned Action |
|---|---|---|
| CVE-2024-2700 | This is an issue where some development environment variables are persisted into the production code. However, we do not set quarkus-prefixed environment variables in our build system; therefore, this does not apply to our product. | To remove the false positive, this library will be updated in accordance with the usual upgrade schedule. |
| CVE-2024-32007 | We do not use the vulnerable functionality in the Apache CXF library. | To remove the false positive, this library will be updated in accordance with the usual upgrade schedule. |
| GHSA-qh8g-58pp-2wxh | CVSS score recalculated to 1.9. Affects jetty-http 9.4.56.v20240826. | This issue was already addressed in version 9.4.57, so the issue no longer exists in 9.4.58.v20250814. |
| GHSA-68r2-fwcg-qpm8 | CVSS score recalculated to 3.9. Affects solr-core. See bug 22924 for more info. | Assessed as low risk - no action planned. |
| GHSA-4p5m-gvpf-f3x5 | CVSS score recalculated to 2.1. Affects solr-core. See bug 22926 for more info. | Assessed as low risk - no action planned. |
| GHSA-jmp9-x22r-554x | Affects spring-core 6.1.14. This is a false positive. We do not satisfy all the conditions that make us vulnerable to this issue. | We do not use the vulnerable functionality - no action planned. |
| GHSA-vc2w-4v3p-2mqw / CVE-2026-22444 | Affects solr-core. This is a false positive because Solr in our case is running in cloud mode and the Create Core API is only exposed to Administrators. Solr deployments are only subject to this vulnerability in standalone mode with allowPath restrictions and when the Create Core API is exposed to untrusted users. | This does not apply to our configuration. |
| GHSA-qr3p-2xj2-q7hq / CVE-2026-22022 | Affects solr-core. This vulnerability was mitigated by expanding and refining the role and privilege model to ensure regular users operate with the minimum necessary privileges. | Mitigated — resolved through privilege management. |