New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 3.28] Fix CVE #3084

Merged

sbrunner merged 1 commit into 3.28 from backport/3083-to-3.28

Oct 23, 2023

Contributor

c2c-bot-gis-ci commented Oct 23, 2023

Backport of #3083


          Fix CVE

60bc9dd

    Upgrade com.github.spotbugs:[email protected] to com.github.spotbugs:[email protected] to fix
    ✗ Out-of-bounds Write [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEBCEL-3106013] in org.apache.bcel:[email protected]
      introduced by com.github.spotbugs:[email protected] > org.apache.bcel:[email protected]

    Upgrade io.sentry:[email protected] to io.sentry:[email protected] to fix

    Upgrade org.hibernate:[email protected] to org.hibernate:[email protected] to fix

    Upgrade org.json:json@20230227 to org.json:json@20231013 to fix
    ✗ Allocation of Resources Without Limits or Throttling (new) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464] in org.json:json@20230227
      introduced by org.json:json@20230227

sbrunner approved these changes

View reviewed changes

sbrunner merged commit 9aa5f04 into 3.28

11 checks passed

sbrunner deleted the backport/3083-to-3.28 branch

October 23, 2023 14:43

sbrunner added the security label

sbrunner added this to the 3.28.8 milestone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels