VYPR

Maven package

dev.dsf/dsf-bpe-server

pkg:maven/dev.dsf/dsf-bpe-server

Vulnerabilities (2)

  • CVE-2026-40942MedApr 21, 2026
    affected >= 0

    The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison (isBefore instead of isAfter), causing the cache to never return cache

  • CVE-2026-40939MedApr 21, 2026
    affected >= 0

    The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access