Cherry-pick CVEs fixes and javadoc upgrade #231

Merged

ricardozanini
Member

Many thanks for submitting your Pull Request ❤️!

What this PR does / why we need it:
Cherry pick for:

Special notes for reviewers:
As soon as we merge this, we can release 4.0.4

Additional information (if needed):

manick02 and others added 3 commits July 3, 2023 18:29
Signed-off-by: manick02 <manickavasagam.sundaram@gmail.com>
…VE-2022-45688

Signed-off-by: Ricardo Zanini <zanini@redhat.com>
Signed-off-by: Ricardo Zanini <zanini@redhat.com>
@ricardozanini ricardozanini self-assigned this Jul 3, 2023
@ricardozanini ricardozanini added the security fix Security fix generated by WhiteSource label Jul 3, 2023
@ricardozanini ricardozanini merged commit f87a94b into serverlessworkflow:4.0.x Jul 4, 2023
@ricardozanini ricardozanini deleted the cherry-pick-cve-4.0.3 branch July 4, 2023 10:47
@shahbaaz31here
Hi Members,
The org.json dependency is detected with a vulnerability very recently which is being used in 4.0.4.Final:
https://mvnrepository.com/artifact/io.serverlessworkflow/serverlessworkflow-api/4.0.4.Final
It seems we have to upgrade the org.json dependency version to [20231013] to incorporate the fix as per https://mvnrepository.com/artifact/org.json/json releases.

Thought of starting a thread here so that it gets highlighted and addressed. Not really sure on the process, so curious to ask whether it'll be patched in the same version, i.e. 4.0.4.Final?

@ricardozanini
Member Author

ricardozanini commented Oct 24, 2023

@shahbaaz31here please see #273. Can you try that PR on your end? I'm on the verge of releasing it, so more checks would be great.

4 participants