Security tool  JFrog Xray version 2.8.9 launched against Dollar Universe Java Components on 6.10.41 detects several Severity High alerts (basically all related to the Manager for Java that uses OpenSource Common Libraries).

Here is the list of the libraries to change/upgrade:

• log4j-1.2.15.jar
• xercerImpl-2.6.2.jar
• jasperreports-4.0.1.jar
• commons-httpclient-3.0.1.jar
• bcprov-jdk16.jar

Release : 6.x

Product: DOLLAR UNIVERSE

Subcomponents: all Java Based Components( UVMS, UVC, Reporter, DUX, Manager for Java)

Outdated common source jars used by Dollar Universe Java Based Components.

Update to a fix version listed below or a newer version if available.

Fix version(s): 
Component: UVMS, UVC, Reporter, DUX, Manager for Java
Dollar Universe 6.10.61 - Scheduled January 2021