
build(version-upgrade): update jacoco from 0.8.8 to 0.8.10 #81

Merged: sufyankhanrao merged 1 commit into main from 80-address-codehaus-vulnerability on Oct 5, 2023

@sufyankhanrao
Collaborator

What

This PR addresses the vulnerability of codehaus, which is a transitive dependency through jacoco. Upgraded jacoco from version 0.8.8 to 0.8.10. The vulnerability in codehaus states that the text contained in the command string could be interpreted as XML and allow for XML injection.

Why

To address this vulnerability

closes #80

Type of change

Select multiple if applicable.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause a breaking change)
  • Tests (adds or updates tests)
  • Documentation (adds or updates documentation)
  • Refactor (style improvements, performance improvements, code refactoring)
  • Revert (reverts a commit)
  • CI/Build (adds or updates a script, change in external dependencies)

Dependency Change

If a new dependency is being added, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Policy-of-adding-new-dependencies-in-the-core-libraries

Breaking change

If the PR is introducing a breaking change, please ensure that it adheres to the following guideline https://github.com/apimatic/apimatic-codegen/wiki/Guidelines-for-maintaining-core-libraries

Testing

List the steps that were taken to test the changes

Checklist

  • My code follows the coding conventions
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added new unit tests

This commit addresses the vulnerability of codehaus, which is a transitive dependency through jacoco. The vulnerability in codehaus states that the text contained in the command string could be interpreted as XML and allow for XML injection.

closes #80
@sufyankhanrao added the "vulnerability fix" label (This is used whenever any vulnerability is addressed in the library.) on Oct 5, 2023

@sufyankhanrao self-assigned this on Oct 5, 2023

@usamabintariq self-requested a review on October 5, 2023 12:27

@sufyankhanrao merged commit 5702415 into main on Oct 5, 2023

@sufyankhanrao deleted the 80-address-codehaus-vulnerability branch on October 5, 2023 12:35

Development

Successfully merging this pull request may close these issues.

Address Jacoco vulnerability by upgrading from 0.8.8 to 0.8.10