Bump spring versions in response to CVE-2020-5398 #1003

Merged
merged 1 commit into from
Feb 25, 2020

@melowe (Contributor) commented Feb 25, 2020

fix for "[WARNING] Rule 3: org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies failed with message:

Detected 1 vulnerable components:
org.springframework:spring-core:jar:5.1.2.RELEASE:test; https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.1.2.RELEASE

…lnerableDependencies failed with message:

         Detected 1 vulnerable components:
           org.springframework:spring-core:jar:5.1.2.RELEASE:test; https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-core@5.1.2.RELEASE
             * [CVE-2020-5398] In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.... (7.5); https://ossindex.sonatype.org/vuln/07e93ccb-05c0-405d-9df8-56a5acf32070"

  Bump spring versions.
@codecov-io

Codecov Report

Merging #1003 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #1003   +/-   ##
=========================================
  Coverage     99.31%   99.31%           
  Complexity     2233     2233           
=========================================
  Files           337      337           
  Lines          6100     6100           
  Branches        363      363           
=========================================
  Hits           6058     6058           
  Misses            5        5           
  Partials         37       37

Powered by Codecov. Last update 881479b...0b74fcd.

@melowe melowe merged commit 04111e1 into master Feb 25, 2020
melowe added a commit that referenced this pull request Feb 28, 2020
…lnerableDependencies failed with message: (#1003)

@prd-fox prd-fox deleted the fix_cve_2020_5398 branch August 12, 2020 08:04