-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Dokka documentation to artifacts #715
Conversation
@@ -191,6 +196,36 @@ all modules and does not describe the project structure per-subproject. | |||
<artifactId>org.jacoco.ant</artifactId> | |||
<version>0.8.7</version> | |||
</dependency> | |||
<dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:maven/org.jetbrains.dokka/all-modules-page-plugin@1.6.10
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/org.jsoup/jsoup@1.13.1
CRITICAL Vulnerabilities (1)
[CVE-2021-37714] CWE-248: Uncaught Exception
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-248
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.4
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
<artifactId>jekyll-template-processing-plugin</artifactId> | ||
<version>1.6.10</version> | ||
</dependency> | ||
<dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:maven/org.jetbrains.dokka/kotlin-as-java-plugin@1.6.10
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/org.jsoup/jsoup@1.13.1
CRITICAL Vulnerabilities (1)
[CVE-2021-37714] CWE-248: Uncaught Exception
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-248
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.4
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
<artifactId>all-modules-page-plugin</artifactId> | ||
<version>1.6.10</version> | ||
</dependency> | ||
<dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:maven/org.jetbrains.dokka/dokka-base@1.6.10
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/org.jsoup/jsoup@1.13.1
CRITICAL Vulnerabilities (1)
[CVE-2021-37714] CWE-248: Uncaught Exception
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-248
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.4
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
<artifactId>dokka-core</artifactId> | ||
<version>1.6.10</version> | ||
</dependency> | ||
<dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:maven/org.jetbrains.dokka/gfm-template-processing-plugin@1.6.10
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/org.jsoup/jsoup@1.13.1
CRITICAL Vulnerabilities (1)
[CVE-2021-37714] CWE-248: Uncaught Exception
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-248
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.4
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
<artifactId>gfm-template-processing-plugin</artifactId> | ||
<version>1.6.10</version> | ||
</dependency> | ||
<dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:maven/org.jetbrains.dokka/jekyll-template-processing-plugin@1.6.10
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/org.jsoup/jsoup@1.13.1
CRITICAL Vulnerabilities (1)
[CVE-2021-37714] CWE-248: Uncaught Exception
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-248
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.4
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
<artifactId>dokka-base</artifactId> | ||
<version>1.6.10</version> | ||
</dependency> | ||
<dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Critical OSS Vulnerability:
pkg:maven/org.jetbrains.dokka/dokka-core@1.6.10
3 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/org.jsoup/jsoup@1.13.1
CRITICAL Vulnerabilities (1)
[CVE-2021-37714] CWE-248: Uncaught Exception
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-248
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.4
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
Codecov Report
@@ Coverage Diff @@
## master #715 +/- ##
=========================================
Coverage 79.08% 79.08%
Complexity 1757 1757
=========================================
Files 246 246
Lines 5786 5786
Branches 440 440
=========================================
Hits 4576 4576
Misses 1037 1037
Partials 173 173 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tripolkaandrey LGTM.
Next time let's discuss the vulnerabilities discovered by the Sonatype Lift bot first.
This PR adds Dokka-generated documentation as a publish artifact.
It is done by using functionality introduced in this PR in config.
Also, while updating the config, the outdated
groovy
directory was removed.