CIB seven 2.0.8 CE+ - Release Notes

Release Date: February 19, 2026

Highlights

Updated CIB seven to resolve CVE in third party libraries

Technical Updates

Dependency Updates

Update Spring Boot from 3.5.9 to 3.5.10
Update tomcat from 10.1.49 to 10.1.52
Update nodejs from 20.14.0 to 24.13.1
Update npm from 10.7.0 to 11.8.0

Resolved CVE Vulnerabilities

Critical Severity

CVE-2025-15467 - CVSS 9.8. affects 2 packages: libcrypto3, libssl3

High Severity

CVE-2025-69419 - CVSS 7.4. affects 2 packages: libcrypto3, libssl3
CVE-2025-69421 - CVSS 6.5. affects 2 packages: libcrypto3, libssl3
CVE-2026-21932 - CVSS 7.4. Package: openjdk21-jre-headless
CVE-2026-21945 - CVSS 7.5. Package: openjdk21-jre-headless

Medium Severity

CVE-2025-11187 - CVSS 6.1. affects 2 packages: libcrypto3, libssl3
CVE-2025-15468 - CVSS 5.9. affects 2 packages: libcrypto3, libssl3
CVE-2025-15469 - CVSS 5.5. affects 2 packages: libcrypto3, libssl3
CVE-2025-66199 - CVSS 5.9. affects 2 packages: libcrypto3, libssl3
CVE-2025-68160 - CVSS 4.7. affects 2 packages: libcrypto3, libssl3
CVE-2025-69418 - CVSS 4.0. affects 2 packages: libcrypto3, libssl3
CVE-2025-69420 - CVSS 5.9. affects 2 packages: libcrypto3, libssl3
CVE-2026-22795 - CVSS 5.5. affects 2 packages: libcrypto3, libssl3
CVE-2026-22796 - CVSS 5.9. affects 2 packages: libcrypto3, libssl3
CVE-2026-21925 - CVSS 4.8. Package: openjdk21-jre-headless
CVE-2026-21933 - CVSS 6.1. Package: openjdk21-jre-headless

Low Severity

CVE-2026-1225 - Package: ch.qos.logback:logback-core

On this Page: