Potentially vulnerable dependencies #1345

Open
ChGen opened this issue Nov 30, 2023 · 2 comments
Collaborator

ChGen commented Nov 30, 2023

Currently we have various dependencies which may use outdated and vulnerable code with known CVEs. It's reported by the IDEA IDE, for example, and periodically by GitHub too. Also, it is a concern for the users (see below). So we need to revise all our dependencies, including dependencies in our tests and our adapters, and make our GitHub CI check/report relevant security issues in an explicit manner.

Evgeny, [24.11.2023 15:17]
Have you tried prebuilt docker images, for example, the latest artipie/artipie:v0.30.10?
Ram, [24.11.2023 15:18]
Let me try with it, mainly there are CVE vulnerabilities in the precompiled jar

bade02r commented Dec 6, 2023

Here are a few jars that need to be updated:

org.apache.commons:commons-text: Installed version / Fixed version 0:1.6 / 1.10.0
com.google.code.gson:gson: Installed version / Fixed version 0:2.8.6 / 2.8.9
org.redisson:redisson: Installed version / Fixed version 0:3.17.4 / 3.22.0
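One way to turn the versions listed in this thread into an explicit CI check, added here as an example (not Artipie's code and not part of the original comments). It assumes the build step feeds it `mvn dependency:list` output; the function names are hypothetical, the sample input is constructed, and the version comparison is a numeric simplification of Maven's ordering.

```python
import re

# Fixed-version floors, taken from the comment above.
FIXED_FLOORS = {
    "org.apache.commons:commons-text": "1.10.0",
    "com.google.code.gson:gson": "2.8.9",
    "org.redisson:redisson": "3.22.0",
}

# Constructed sample in `mvn dependency:list` format (not real project output).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.commons:commons-text:jar:1.6:compile
[INFO]    com.google.code.gson:gson:jar:2.8.9:compile
[INFO]    org.redisson:redisson:jar:3.17.4:compile
[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.100.Final:runtime
"""

def is_below(installed, floor):
    """Compare numeric release segments only; '-qualifier' suffixes are ignored (simplification)."""
    def key(version):
        return [int(n) for n in re.findall(r"\d+", version.split("-", 1)[0])]
    a, b = key(installed), key(floor)
    width = max(len(a), len(b))  # pad so that 1.10 == 1.10.0
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def parse_dependencies(text):
    """Map 'group:artifact' -> version from dependency:list lines."""
    deps = {}
    for line in text.splitlines():
        fields = line.replace("[INFO]", "").split()
        parts = fields[0].split(":") if fields else []
        if len(parts) == 5:    # group:artifact:type:version:scope
            deps[f"{parts[0]}:{parts[1]}"] = parts[3]
        elif len(parts) == 6:  # group:artifact:type:classifier:version:scope
            deps[f"{parts[0]}:{parts[1]}"] = parts[4]
    return deps

def find_outdated(text, floors=FIXED_FLOORS):
    """Return (coordinate, installed, floor) for each dependency below its floor."""
    deps = parse_dependencies(text)
    return sorted((c, deps[c], f) for c, f in floors.items()
                  if c in deps and is_below(deps[c], f))

if __name__ == "__main__":
    findings = find_outdated(SAMPLE)
    for coord, installed, floor in findings:
        print(f"{coord}: installed {installed}, fixed in {floor}")
    raise SystemExit(1 if findings else 0)  # non-zero exit fails the CI job
```

A floor list like this only catches the versions already known from this thread; it complements, rather than replaces, a scanner that tracks new CVEs.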


github-actions bot commented Feb 4, 2024

Issue is stale, CC: @artipie/maintainers

github-actions bot added the stale label Feb 4, 2024