Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

4.0.x branch has reported CVEs in Maven Central (CVE-2017-5929 and CVE-2022-45688) #229

Closed
ricardozanini opened this issue Jul 3, 2023 · 1 comment · Fixed by #230
Closed

4.0.x branch has reported CVEs in Maven Central (CVE-2017-5929 and CVE-2022-45688) #229

ricardozanini opened this issue Jul 3, 2023 · 1 comment · Fixed by #230
Assignees
@ricardozanini
Labels
bug Something isn't working security fix Security fix generated by WhiteSource

Comments

@ricardozanini
Copy link
Member

What happened:
See https://mvnrepository.com/artifact/io.serverlessworkflow/serverlessworkflow-api/4.0.3.Final

CVEs:

Anything else we need to know?:
Also, we need to cherry-pick the last CVE fixed here #193

Environment:

  • Specification version used:
@ricardozanini ricardozanini added bug Something isn't working security fix Security fix generated by WhiteSource labels Jul 3, 2023
@ricardozanini ricardozanini self-assigned this Jul 3, 2023
@ricardozanini
Copy link
Member Author

Related #192

ricardozanini added a commit to ricardozanini/sdk-java that referenced this issue Jul 3, 2023
@ricardozanini
Fix serverlessworkflow#229 - Fix CVE-2017-5929, CVE-2020-15250, and C…
a0d375c 
…VE-2022-45688

Signed-off-by: Ricardo Zanini <zanini@redhat.com>
@ricardozanini ricardozanini mentioned this issue Jul 3, 2023
Merged
ricardozanini added a commit that referenced this issue Jul 3, 2023
@ricardozanini
Merge pull request #230 from ricardozanini/issue-229
67fc9cb 
Fix #229 - Fix CVE-2017-5929, CVE-2020-15250, and CVE-2022-45688
ricardozanini added a commit to ricardozanini/sdk-java that referenced this issue Jul 3, 2023
@ricardozanini
Fix serverlessworkflow#229 - Fix CVE-2017-5929, CVE-2020-15250, and C…
5310564 
…VE-2022-45688

Signed-off-by: Ricardo Zanini <zanini@redhat.com>
@ricardozanini ricardozanini mentioned this issue Jul 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ricardozanini ricardozanini

Labels
bug Something isn't working security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #229 - Fix CVE-2017-5929, CVE-2020-15250, and CVE-2022-45688 ricardozanini/sdk-java
1 participant
@ricardozanini